1 /* Do not modify this file. Changes will be overwritten. */ 2 /* Generated automatically by the ASN.1 to Wireshark dissector compiler */ 3 /* packet-kerberos.c */ 4 /* asn2wrs.py -b -p kerberos -c ./kerberos.cnf -s ./packet-kerberos-template -D . -O ../.. KerberosV5Spec2.asn k5.asn RFC3244.asn RFC6113.asn SPAKE.asn */ 5 6 /* Input file: packet-kerberos-template.c */ 7 8 #line 1 "./asn1/kerberos/packet-kerberos-template.c" 9 /* packet-kerberos.c 10 * Routines for Kerberos 11 * Wes Hardaker (c) 2000 12 * wjhardaker@ucdavis.edu 13 * Richard Sharpe (C) 2002, rsharpe@samba.org, modularized a bit more and 14 * added AP-REQ and AP-REP dissection 15 * 16 * Ronnie Sahlberg (C) 2004, major rewrite for new ASN.1/BER API. 17 * decryption of kerberos blobs if keytab is provided 18 * 19 * See RFC 1510, and various I-Ds and other documents showing additions, 20 * e.g. ones listed under 21 * 22 * http://clifford.neuman.name/krb-revisions/ 23 * 24 * and 25 * 26 * https://tools.ietf.org/html/draft-ietf-krb-wg-kerberos-clarifications-07 27 * 28 * and 29 * 30 * https://tools.ietf.org/html/draft-ietf-krb-wg-kerberos-referrals-05 31 * 32 * Some structures from RFC2630 33 * 34 * Wireshark - Network traffic analyzer 35 * By Gerald Combs <gerald@wireshark.org> 36 * Copyright 1998 Gerald Combs 37 * 38 * SPDX-License-Identifier: GPL-2.0-or-later 39 */ 40 41 /* 42 * Some of the development of the Kerberos protocol decoder was sponsored by 43 * Cable Television Laboratories, Inc. ("CableLabs") based upon proprietary 44 * CableLabs' specifications. Your license and use of this protocol decoder 45 * does not mean that you are licensed to use the CableLabs' 46 * specifications. If you have questions about this protocol, contact 47 * jf.mule [AT] cablelabs.com or c.stuart [AT] cablelabs.com for additional 48 * information. 49 */ 50 51 #include <config.h> 52 53 #include <stdio.h> 54 55 // krb5.h needs to be included before the defines in packet-kerberos.h 56 #if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS) 57 #ifdef _WIN32 58 /* prevent redefinition warnings in krb5's win-mac.h */ 59 #define SSIZE_T_DEFINED 60 #endif /* _WIN32 */ 61 #include <krb5.h> 62 #endif 63 64 #include <epan/packet.h> 65 #include <epan/exceptions.h> 66 #include <epan/strutil.h> 67 #include <epan/conversation.h> 68 #include <epan/asn1.h> 69 #include <epan/expert.h> 70 #include <epan/prefs.h> 71 #include <wsutil/wsgcrypt.h> 72 #include <wsutil/file_util.h> 73 #include <wsutil/str_util.h> 74 #include <wsutil/pint.h> 75 #include "packet-kerberos.h" 76 #include "packet-netbios.h" 77 #include "packet-tcp.h" 78 #include "packet-ber.h" 79 #include "packet-pkinit.h" 80 #include "packet-cms.h" 81 #include "packet-windows-common.h" 82 83 #include "read_keytab_file.h" 84 85 #include "packet-dcerpc-netlogon.h" 86 #include "packet-dcerpc.h" 87 88 #include "packet-gssapi.h" 89 #include "packet-x509af.h" 90 91 #define KEY_USAGE_FAST_REQ_CHKSUM 50 92 #define KEY_USAGE_FAST_ENC 51 93 #define KEY_USAGE_FAST_REP 52 94 #define KEY_USAGE_FAST_FINISHED 53 95 #define KEY_USAGE_ENC_CHALLENGE_CLIENT 54 96 #define KEY_USAGE_ENC_CHALLENGE_KDC 55 97 98 void proto_register_kerberos(void); 99 void proto_reg_handoff_kerberos(void); 100 101 #define UDP_PORT_KERBEROS 88 102 #define TCP_PORT_KERBEROS 88 103 104 #define ADDRESS_STR_BUFSIZ 256 105 106 typedef struct kerberos_key { 107 guint32 keytype; 108 int keylength; 109 const guint8 *keyvalue; 110 } kerberos_key_t; 111 112 typedef void (*kerberos_key_save_fn)(tvbuff_t *tvb _U_, int offset _U_, int length _U_, 113 asn1_ctx_t *actx _U_, proto_tree *tree _U_, 114 int parent_hf_index _U_, 115 int hf_index _U_); 116 117 typedef struct { 118 guint32 msg_type; 119 gboolean is_win2k_pkinit; 120 guint32 errorcode; 121 gboolean try_nt_status; 122 guint32 etype; 123 guint32 padata_type; 124 guint32 is_enc_padata; 125 guint32 enctype; 126 kerberos_key_t key; 127 proto_tree *key_tree; 128 proto_item *key_hidden_item; 129 tvbuff_t *key_tvb; 130 kerberos_callbacks *callbacks; 131 guint32 ad_type; 132 guint32 addr_type; 133 guint32 checksum_type; 134 #ifdef HAVE_KERBEROS 135 enc_key_t *last_decryption_key; 136 enc_key_t *last_added_key; 137 tvbuff_t *last_ticket_enc_part_tvb; 138 #endif 139 gint save_encryption_key_parent_hf_index; 140 kerberos_key_save_fn save_encryption_key_fn; 141 guint learnt_key_ids; 142 guint missing_key_ids; 143 wmem_list_t *decryption_keys; 144 wmem_list_t *learnt_keys; 145 wmem_list_t *missing_keys; 146 guint32 within_PA_TGS_REQ; 147 #ifdef HAVE_KERBEROS 148 enc_key_t *PA_TGS_REQ_key; 149 enc_key_t *PA_TGS_REQ_subkey; 150 #endif 151 guint32 fast_type; 152 guint32 fast_armor_within_armor_value; 153 #ifdef HAVE_KERBEROS 154 enc_key_t *PA_FAST_ARMOR_AP_key; 155 enc_key_t *PA_FAST_ARMOR_AP_subkey; 156 enc_key_t *fast_armor_key; 157 enc_key_t *fast_strengthen_key; 158 #endif 159 } kerberos_private_data_t; 160 161 static dissector_handle_t kerberos_handle_udp; 162 163 /* Forward declarations */ 164 static int dissect_kerberos_Applications(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); 165 static int dissect_kerberos_AuthorizationData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); 166 static int dissect_kerberos_PA_ENC_TIMESTAMP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); 167 #ifdef HAVE_KERBEROS 168 static int dissect_kerberos_PA_ENC_TS_ENC(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); 169 #endif 170 static int dissect_kerberos_PA_PAC_REQUEST(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); 171 static int dissect_kerberos_PA_S4U2Self(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); 172 static int dissect_kerberos_PA_S4U_X509_USER(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); 173 static int dissect_kerberos_ETYPE_INFO(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); 174 static int dissect_kerberos_ETYPE_INFO2(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); 175 static int dissect_kerberos_AD_IF_RELEVANT(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); 176 static int dissect_kerberos_PA_AUTHENTICATION_SET_ELEM(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); 177 static int dissect_kerberos_PA_FX_FAST_REQUEST(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); 178 static int dissect_kerberos_EncryptedChallenge(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); 179 static int dissect_kerberos_PA_KERB_KEY_LIST_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); 180 static int dissect_kerberos_PA_KERB_KEY_LIST_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); 181 static int dissect_kerberos_PA_FX_FAST_REPLY(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); 182 static int dissect_kerberos_PA_PAC_OPTIONS(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); 183 static int dissect_kerberos_KERB_AD_RESTRICTION_ENTRY(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); 184 static int dissect_kerberos_SEQUENCE_OF_ENCTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); 185 static int dissect_kerberos_PA_SPAKE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); 186 #ifdef HAVE_KERBEROS 187 static int dissect_kerberos_KrbFastReq(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); 188 static int dissect_kerberos_KrbFastResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); 189 static int dissect_kerberos_FastOptions(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); 190 #endif 191 192 /* Desegment Kerberos over TCP messages */ 193 static gboolean krb_desegment = TRUE; 194 195 static gint proto_kerberos = -1; 196 197 static gint hf_krb_rm_reserved = -1; 198 static gint hf_krb_rm_reclen = -1; 199 static gint hf_krb_provsrv_location = -1; 200 static gint hf_krb_pw_salt = -1; 201 static gint hf_krb_ext_error_nt_status = -1; 202 static gint hf_krb_ext_error_reserved = -1; 203 static gint hf_krb_ext_error_flags = -1; 204 static gint hf_krb_address_ip = -1; 205 static gint hf_krb_address_netbios = -1; 206 static gint hf_krb_address_ipv6 = -1; 207 static gint hf_krb_gssapi_len = -1; 208 static gint hf_krb_gssapi_bnd = -1; 209 static gint hf_krb_gssapi_dlgopt = -1; 210 static gint hf_krb_gssapi_dlglen = -1; 211 static gint hf_krb_gssapi_c_flag_deleg = -1; 212 static gint hf_krb_gssapi_c_flag_mutual = -1; 213 static gint hf_krb_gssapi_c_flag_replay = -1; 214 static gint hf_krb_gssapi_c_flag_sequence = -1; 215 static gint hf_krb_gssapi_c_flag_conf = -1; 216 static gint hf_krb_gssapi_c_flag_integ = -1; 217 static gint hf_krb_gssapi_c_flag_dce_style = -1; 218 static gint hf_krb_midl_version = -1; 219 static gint hf_krb_midl_hdr_len = -1; 220 static gint hf_krb_midl_fill_bytes = -1; 221 static gint hf_krb_midl_blob_len = -1; 222 static gint hf_krb_pac_signature_type = -1; 223 static gint hf_krb_pac_signature_signature = -1; 224 static gint hf_krb_w2k_pac_entries = -1; 225 static gint hf_krb_w2k_pac_version = -1; 226 static gint hf_krb_w2k_pac_type = -1; 227 static gint hf_krb_w2k_pac_size = -1; 228 static gint hf_krb_w2k_pac_offset = -1; 229 static gint hf_krb_pac_clientid = -1; 230 static gint hf_krb_pac_namelen = -1; 231 static gint hf_krb_pac_clientname = -1; 232 static gint hf_krb_pac_logon_info = -1; 233 static gint hf_krb_pac_credential_data = -1; 234 static gint hf_krb_pac_credential_info = -1; 235 static gint hf_krb_pac_credential_info_version = -1; 236 static gint hf_krb_pac_credential_info_etype = -1; 237 static gint hf_krb_pac_s4u_delegation_info = -1; 238 static gint hf_krb_pac_upn_dns_info = -1; 239 static gint hf_krb_pac_upn_flags = -1; 240 static gint hf_krb_pac_upn_dns_offset = -1; 241 static gint hf_krb_pac_upn_dns_len = -1; 242 static gint hf_krb_pac_upn_upn_offset = -1; 243 static gint hf_krb_pac_upn_upn_len = -1; 244 static gint hf_krb_pac_upn_upn_name = -1; 245 static gint hf_krb_pac_upn_dns_name = -1; 246 static gint hf_krb_pac_server_checksum = -1; 247 static gint hf_krb_pac_privsvr_checksum = -1; 248 static gint hf_krb_pac_client_info_type = -1; 249 static gint hf_krb_pac_client_claims_info = -1; 250 static gint hf_krb_pac_device_info = -1; 251 static gint hf_krb_pac_device_claims_info = -1; 252 static gint hf_krb_pac_ticket_checksum = -1; 253 static gint hf_krb_pa_supported_enctypes = -1; 254 static gint hf_krb_pa_supported_enctypes_des_cbc_crc = -1; 255 static gint hf_krb_pa_supported_enctypes_des_cbc_md5 = -1; 256 static gint hf_krb_pa_supported_enctypes_rc4_hmac = -1; 257 static gint hf_krb_pa_supported_enctypes_aes128_cts_hmac_sha1_96 = -1; 258 static gint hf_krb_pa_supported_enctypes_aes256_cts_hmac_sha1_96 = -1; 259 static gint hf_krb_pa_supported_enctypes_fast_supported = -1; 260 static gint hf_krb_pa_supported_enctypes_compound_identity_supported = -1; 261 static gint hf_krb_pa_supported_enctypes_claims_supported = -1; 262 static gint hf_krb_pa_supported_enctypes_resource_sid_compression_disabled = -1; 263 static gint hf_krb_ad_ap_options = -1; 264 static gint hf_krb_ad_ap_options_cbt = -1; 265 static gint hf_krb_ad_target_principal = -1; 266 static gint hf_krb_key_hidden_item = -1; 267 static gint hf_kerberos_KERB_TICKET_LOGON = -1; 268 static gint hf_kerberos_KERB_TICKET_LOGON_MessageType = -1; 269 static gint hf_kerberos_KERB_TICKET_LOGON_Flags = -1; 270 static gint hf_kerberos_KERB_TICKET_LOGON_ServiceTicketLength = -1; 271 static gint hf_kerberos_KERB_TICKET_LOGON_TicketGrantingTicketLength = -1; 272 static gint hf_kerberos_KERB_TICKET_LOGON_ServiceTicket = -1; 273 static gint hf_kerberos_KERB_TICKET_LOGON_TicketGrantingTicket = -1; 274 static gint hf_kerberos_KERB_TICKET_LOGON_FLAG_ALLOW_EXPIRED_TICKET = -1; 275 static gint hf_kerberos_KERB_TICKET_LOGON_FLAG_REDIRECTED = -1; 276 #ifdef HAVE_KERBEROS 277 static gint hf_kerberos_KrbFastResponse = -1; 278 static gint hf_kerberos_strengthen_key = -1; 279 static gint hf_kerberos_finished = -1; 280 static gint hf_kerberos_fast_options = -1; 281 static gint hf_kerberos_ticket_checksum = -1; 282 static gint hf_krb_patimestamp = -1; 283 static gint hf_krb_pausec = -1; 284 static gint hf_kerberos_FastOptions_reserved = -1; 285 static gint hf_kerberos_FastOptions_hide_client_names = -1; 286 static gint hf_kerberos_FastOptions_spare_bit2 = -1; 287 static gint hf_kerberos_FastOptions_spare_bit3 = -1; 288 static gint hf_kerberos_FastOptions_spare_bit4 = -1; 289 static gint hf_kerberos_FastOptions_spare_bit5 = -1; 290 static gint hf_kerberos_FastOptions_spare_bit6 = -1; 291 static gint hf_kerberos_FastOptions_spare_bit7 = -1; 292 static gint hf_kerberos_FastOptions_spare_bit8 = -1; 293 static gint hf_kerberos_FastOptions_spare_bit9 = -1; 294 static gint hf_kerberos_FastOptions_spare_bit10 = -1; 295 static gint hf_kerberos_FastOptions_spare_bit11 = -1; 296 static gint hf_kerberos_FastOptions_spare_bit12 = -1; 297 static gint hf_kerberos_FastOptions_spare_bit13 = -1; 298 static gint hf_kerberos_FastOptions_spare_bit14 = -1; 299 static gint hf_kerberos_FastOptions_spare_bit15 = -1; 300 static gint hf_kerberos_FastOptions_kdc_follow_referrals = -1; 301 302 #endif 303 304 /*--- Included file: packet-kerberos-hf.c ---*/ 305 #line 1 "./asn1/kerberos/packet-kerberos-hf.c" 306 static int hf_kerberos_ticket = -1; /* Ticket */ 307 static int hf_kerberos_authenticator = -1; /* Authenticator */ 308 static int hf_kerberos_encTicketPart = -1; /* EncTicketPart */ 309 static int hf_kerberos_as_req = -1; /* AS_REQ */ 310 static int hf_kerberos_as_rep = -1; /* AS_REP */ 311 static int hf_kerberos_tgs_req = -1; /* TGS_REQ */ 312 static int hf_kerberos_tgs_rep = -1; /* TGS_REP */ 313 static int hf_kerberos_ap_req = -1; /* AP_REQ */ 314 static int hf_kerberos_ap_rep = -1; /* AP_REP */ 315 static int hf_kerberos_krb_safe = -1; /* KRB_SAFE */ 316 static int hf_kerberos_krb_priv = -1; /* KRB_PRIV */ 317 static int hf_kerberos_krb_cred = -1; /* KRB_CRED */ 318 static int hf_kerberos_encASRepPart = -1; /* EncASRepPart */ 319 static int hf_kerberos_encTGSRepPart = -1; /* EncTGSRepPart */ 320 static int hf_kerberos_encAPRepPart = -1; /* EncAPRepPart */ 321 static int hf_kerberos_encKrbPrivPart = -1; /* ENC_KRB_PRIV_PART */ 322 static int hf_kerberos_encKrbCredPart = -1; /* EncKrbCredPart */ 323 static int hf_kerberos_krb_error = -1; /* KRB_ERROR */ 324 static int hf_kerberos_name_type = -1; /* NAME_TYPE */ 325 static int hf_kerberos_name_string = -1; /* SEQUENCE_OF_KerberosString */ 326 static int hf_kerberos_name_string_item = -1; /* KerberosString */ 327 static int hf_kerberos_cname_string = -1; /* SEQUENCE_OF_CNameString */ 328 static int hf_kerberos_cname_string_item = -1; /* CNameString */ 329 static int hf_kerberos_sname_string = -1; /* SEQUENCE_OF_SNameString */ 330 static int hf_kerberos_sname_string_item = -1; /* SNameString */ 331 static int hf_kerberos_addr_type = -1; /* ADDR_TYPE */ 332 static int hf_kerberos_address = -1; /* T_address */ 333 static int hf_kerberos_HostAddresses_item = -1; /* HostAddress */ 334 static int hf_kerberos_AuthorizationData_item = -1; /* AuthorizationData_item */ 335 static int hf_kerberos_ad_type = -1; /* AUTHDATA_TYPE */ 336 static int hf_kerberos_ad_data = -1; /* T_ad_data */ 337 static int hf_kerberos_padata_type = -1; /* PADATA_TYPE */ 338 static int hf_kerberos_padata_value = -1; /* T_padata_value */ 339 static int hf_kerberos_keytype = -1; /* T_keytype */ 340 static int hf_kerberos_keyvalue = -1; /* T_keyvalue */ 341 static int hf_kerberos_cksumtype = -1; /* CKSUMTYPE */ 342 static int hf_kerberos_checksum = -1; /* T_checksum */ 343 static int hf_kerberos_etype = -1; /* ENCTYPE */ 344 static int hf_kerberos_kvno = -1; /* UInt32 */ 345 static int hf_kerberos_encryptedTicketData_cipher = -1; /* T_encryptedTicketData_cipher */ 346 static int hf_kerberos_encryptedAuthorizationData_cipher = -1; /* T_encryptedAuthorizationData_cipher */ 347 static int hf_kerberos_encryptedAuthenticator_cipher = -1; /* T_encryptedAuthenticator_cipher */ 348 static int hf_kerberos_encryptedKDCREPData_cipher = -1; /* T_encryptedKDCREPData_cipher */ 349 static int hf_kerberos_encryptedAPREPData_cipher = -1; /* T_encryptedAPREPData_cipher */ 350 static int hf_kerberos_encryptedKrbPrivData_cipher = -1; /* T_encryptedKrbPrivData_cipher */ 351 static int hf_kerberos_encryptedKrbCredData_cipher = -1; /* T_encryptedKrbCredData_cipher */ 352 static int hf_kerberos_tkt_vno = -1; /* INTEGER_5 */ 353 static int hf_kerberos_realm = -1; /* Realm */ 354 static int hf_kerberos_sname = -1; /* SName */ 355 static int hf_kerberos_ticket_enc_part = -1; /* EncryptedTicketData */ 356 static int hf_kerberos_flags = -1; /* TicketFlags */ 357 static int hf_kerberos_encTicketPart_key = -1; /* T_encTicketPart_key */ 358 static int hf_kerberos_crealm = -1; /* Realm */ 359 static int hf_kerberos_cname = -1; /* CName */ 360 static int hf_kerberos_transited = -1; /* TransitedEncoding */ 361 static int hf_kerberos_authtime = -1; /* KerberosTime */ 362 static int hf_kerberos_starttime = -1; /* KerberosTime */ 363 static int hf_kerberos_endtime = -1; /* KerberosTime */ 364 static int hf_kerberos_renew_till = -1; /* KerberosTime */ 365 static int hf_kerberos_caddr = -1; /* HostAddresses */ 366 static int hf_kerberos_authorization_data = -1; /* AuthorizationData */ 367 static int hf_kerberos_tr_type = -1; /* Int32 */ 368 static int hf_kerberos_contents = -1; /* OCTET_STRING */ 369 static int hf_kerberos_pvno = -1; /* INTEGER_5 */ 370 static int hf_kerberos_msg_type = -1; /* MESSAGE_TYPE */ 371 static int hf_kerberos_padata = -1; /* SEQUENCE_OF_PA_DATA */ 372 static int hf_kerberos_padata_item = -1; /* PA_DATA */ 373 static int hf_kerberos_req_body = -1; /* KDC_REQ_BODY */ 374 static int hf_kerberos_kdc_options = -1; /* KDCOptions */ 375 static int hf_kerberos_from = -1; /* KerberosTime */ 376 static int hf_kerberos_till = -1; /* KerberosTime */ 377 static int hf_kerberos_rtime = -1; /* KerberosTime */ 378 static int hf_kerberos_nonce = -1; /* UInt32 */ 379 static int hf_kerberos_kDC_REQ_BODY_etype = -1; /* SEQUENCE_OF_ENCTYPE */ 380 static int hf_kerberos_kDC_REQ_BODY_etype_item = -1; /* ENCTYPE */ 381 static int hf_kerberos_addresses = -1; /* HostAddresses */ 382 static int hf_kerberos_enc_authorization_data = -1; /* EncryptedAuthorizationData */ 383 static int hf_kerberos_additional_tickets = -1; /* SEQUENCE_OF_Ticket */ 384 static int hf_kerberos_additional_tickets_item = -1; /* Ticket */ 385 static int hf_kerberos_kDC_REP_enc_part = -1; /* EncryptedKDCREPData */ 386 static int hf_kerberos_encKDCRepPart_key = -1; /* T_encKDCRepPart_key */ 387 static int hf_kerberos_last_req = -1; /* LastReq */ 388 static int hf_kerberos_key_expiration = -1; /* KerberosTime */ 389 static int hf_kerberos_srealm = -1; /* Realm */ 390 static int hf_kerberos_encrypted_pa_data = -1; /* T_encrypted_pa_data */ 391 static int hf_kerberos_LastReq_item = -1; /* LastReq_item */ 392 static int hf_kerberos_lr_type = -1; /* LR_TYPE */ 393 static int hf_kerberos_lr_value = -1; /* KerberosTime */ 394 static int hf_kerberos_ap_options = -1; /* APOptions */ 395 static int hf_kerberos_authenticator_enc_part = -1; /* EncryptedAuthenticator */ 396 static int hf_kerberos_authenticator_vno = -1; /* INTEGER_5 */ 397 static int hf_kerberos_cksum = -1; /* Checksum */ 398 static int hf_kerberos_cusec = -1; /* Microseconds */ 399 static int hf_kerberos_ctime = -1; /* KerberosTime */ 400 static int hf_kerberos_authenticator_subkey = -1; /* T_authenticator_subkey */ 401 static int hf_kerberos_seq_number = -1; /* UInt32 */ 402 static int hf_kerberos_aP_REP_enc_part = -1; /* EncryptedAPREPData */ 403 static int hf_kerberos_encAPRepPart_subkey = -1; /* T_encAPRepPart_subkey */ 404 static int hf_kerberos_safe_body = -1; /* KRB_SAFE_BODY */ 405 static int hf_kerberos_kRB_SAFE_BODY_user_data = -1; /* T_kRB_SAFE_BODY_user_data */ 406 static int hf_kerberos_timestamp = -1; /* KerberosTime */ 407 static int hf_kerberos_usec = -1; /* Microseconds */ 408 static int hf_kerberos_s_address = -1; /* HostAddress */ 409 static int hf_kerberos_r_address = -1; /* HostAddress */ 410 static int hf_kerberos_kRB_PRIV_enc_part = -1; /* EncryptedKrbPrivData */ 411 static int hf_kerberos_encKrbPrivPart_user_data = -1; /* T_encKrbPrivPart_user_data */ 412 static int hf_kerberos_tickets = -1; /* SEQUENCE_OF_Ticket */ 413 static int hf_kerberos_tickets_item = -1; /* Ticket */ 414 static int hf_kerberos_kRB_CRED_enc_part = -1; /* EncryptedKrbCredData */ 415 static int hf_kerberos_ticket_info = -1; /* SEQUENCE_OF_KrbCredInfo */ 416 static int hf_kerberos_ticket_info_item = -1; /* KrbCredInfo */ 417 static int hf_kerberos_krbCredInfo_key = -1; /* T_krbCredInfo_key */ 418 static int hf_kerberos_prealm = -1; /* Realm */ 419 static int hf_kerberos_pname = -1; /* PrincipalName */ 420 static int hf_kerberos_stime = -1; /* KerberosTime */ 421 static int hf_kerberos_susec = -1; /* Microseconds */ 422 static int hf_kerberos_error_code = -1; /* ERROR_CODE */ 423 static int hf_kerberos_e_text = -1; /* KerberosString */ 424 static int hf_kerberos_e_data = -1; /* T_e_data */ 425 static int hf_kerberos_e_checksum = -1; /* Checksum */ 426 static int hf_kerberos_METHOD_DATA_item = -1; /* PA_DATA */ 427 static int hf_kerberos_pA_ENC_TIMESTAMP_cipher = -1; /* T_pA_ENC_TIMESTAMP_cipher */ 428 static int hf_kerberos_info_salt = -1; /* OCTET_STRING */ 429 static int hf_kerberos_ETYPE_INFO_item = -1; /* ETYPE_INFO_ENTRY */ 430 static int hf_kerberos_info2_salt = -1; /* KerberosString */ 431 static int hf_kerberos_s2kparams = -1; /* OCTET_STRING */ 432 static int hf_kerberos_ETYPE_INFO2_item = -1; /* ETYPE_INFO2_ENTRY */ 433 static int hf_kerberos_server_name = -1; /* PrincipalName */ 434 static int hf_kerberos_include_pac = -1; /* BOOLEAN */ 435 static int hf_kerberos_name = -1; /* PrincipalName */ 436 static int hf_kerberos_auth = -1; /* GeneralString */ 437 static int hf_kerberos_user_id = -1; /* S4UUserID */ 438 static int hf_kerberos_checksum_01 = -1; /* Checksum */ 439 static int hf_kerberos_cname_01 = -1; /* PrincipalName */ 440 static int hf_kerberos_subject_certificate = -1; /* T_subject_certificate */ 441 static int hf_kerberos_options = -1; /* BIT_STRING */ 442 static int hf_kerberos_flags_01 = -1; /* PAC_OPTIONS_FLAGS */ 443 static int hf_kerberos_restriction_type = -1; /* Int32 */ 444 static int hf_kerberos_restriction = -1; /* OCTET_STRING */ 445 static int hf_kerberos_PA_KERB_KEY_LIST_REQ_item = -1; /* ENCTYPE */ 446 static int hf_kerberos_kerbKeyListRep_key = -1; /* PA_KERB_KEY_LIST_REP_item */ 447 static int hf_kerberos_newpasswd = -1; /* OCTET_STRING */ 448 static int hf_kerberos_targname = -1; /* PrincipalName */ 449 static int hf_kerberos_targrealm = -1; /* Realm */ 450 static int hf_kerberos_pa_type = -1; /* PADATA_TYPE */ 451 static int hf_kerberos_pa_hint = -1; /* OCTET_STRING */ 452 static int hf_kerberos_pa_value = -1; /* OCTET_STRING */ 453 static int hf_kerberos_armor_type = -1; /* KrbFastArmorTypes */ 454 static int hf_kerberos_armor_value = -1; /* T_armor_value */ 455 static int hf_kerberos_armored_data_request = -1; /* KrbFastArmoredReq */ 456 static int hf_kerberos_encryptedKrbFastReq_cipher = -1; /* T_encryptedKrbFastReq_cipher */ 457 static int hf_kerberos_armor = -1; /* KrbFastArmor */ 458 static int hf_kerberos_req_checksum = -1; /* Checksum */ 459 static int hf_kerberos_enc_fast_req = -1; /* EncryptedKrbFastReq */ 460 static int hf_kerberos_armored_data_reply = -1; /* KrbFastArmoredRep */ 461 static int hf_kerberos_encryptedKrbFastResponse_cipher = -1; /* T_encryptedKrbFastResponse_cipher */ 462 static int hf_kerberos_enc_fast_rep = -1; /* EncryptedKrbFastResponse */ 463 static int hf_kerberos_encryptedChallenge_cipher = -1; /* T_encryptedChallenge_cipher */ 464 static int hf_kerberos_cipher = -1; /* OCTET_STRING */ 465 static int hf_kerberos_groups = -1; /* SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup */ 466 static int hf_kerberos_groups_item = -1; /* SPAKEGroup */ 467 static int hf_kerberos_group = -1; /* SPAKEGroup */ 468 static int hf_kerberos_pubkey = -1; /* OCTET_STRING */ 469 static int hf_kerberos_factors = -1; /* SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor */ 470 static int hf_kerberos_factors_item = -1; /* SPAKESecondFactor */ 471 static int hf_kerberos_type = -1; /* SPAKESecondFactorType */ 472 static int hf_kerberos_data = -1; /* OCTET_STRING */ 473 static int hf_kerberos_factor = -1; /* EncryptedSpakeResponseData */ 474 static int hf_kerberos_support = -1; /* SPAKESupport */ 475 static int hf_kerberos_challenge = -1; /* SPAKEChallenge */ 476 static int hf_kerberos_response = -1; /* SPAKEResponse */ 477 static int hf_kerberos_encdata = -1; /* EncryptedSpakeData */ 478 /* named bits */ 479 static int hf_kerberos_APOptions_reserved = -1; 480 static int hf_kerberos_APOptions_use_session_key = -1; 481 static int hf_kerberos_APOptions_mutual_required = -1; 482 static int hf_kerberos_TicketFlags_reserved = -1; 483 static int hf_kerberos_TicketFlags_forwardable = -1; 484 static int hf_kerberos_TicketFlags_forwarded = -1; 485 static int hf_kerberos_TicketFlags_proxiable = -1; 486 static int hf_kerberos_TicketFlags_proxy = -1; 487 static int hf_kerberos_TicketFlags_may_postdate = -1; 488 static int hf_kerberos_TicketFlags_postdated = -1; 489 static int hf_kerberos_TicketFlags_invalid = -1; 490 static int hf_kerberos_TicketFlags_renewable = -1; 491 static int hf_kerberos_TicketFlags_initial = -1; 492 static int hf_kerberos_TicketFlags_pre_authent = -1; 493 static int hf_kerberos_TicketFlags_hw_authent = -1; 494 static int hf_kerberos_TicketFlags_transited_policy_checked = -1; 495 static int hf_kerberos_TicketFlags_ok_as_delegate = -1; 496 static int hf_kerberos_TicketFlags_unused = -1; 497 static int hf_kerberos_TicketFlags_enc_pa_rep = -1; 498 static int hf_kerberos_TicketFlags_anonymous = -1; 499 static int hf_kerberos_KDCOptions_reserved = -1; 500 static int hf_kerberos_KDCOptions_forwardable = -1; 501 static int hf_kerberos_KDCOptions_forwarded = -1; 502 static int hf_kerberos_KDCOptions_proxiable = -1; 503 static int hf_kerberos_KDCOptions_proxy = -1; 504 static int hf_kerberos_KDCOptions_allow_postdate = -1; 505 static int hf_kerberos_KDCOptions_postdated = -1; 506 static int hf_kerberos_KDCOptions_unused7 = -1; 507 static int hf_kerberos_KDCOptions_renewable = -1; 508 static int hf_kerberos_KDCOptions_unused9 = -1; 509 static int hf_kerberos_KDCOptions_unused10 = -1; 510 static int hf_kerberos_KDCOptions_opt_hardware_auth = -1; 511 static int hf_kerberos_KDCOptions_unused12 = -1; 512 static int hf_kerberos_KDCOptions_unused13 = -1; 513 static int hf_kerberos_KDCOptions_constrained_delegation = -1; 514 static int hf_kerberos_KDCOptions_canonicalize = -1; 515 static int hf_kerberos_KDCOptions_request_anonymous = -1; 516 static int hf_kerberos_KDCOptions_unused17 = -1; 517 static int hf_kerberos_KDCOptions_unused18 = -1; 518 static int hf_kerberos_KDCOptions_unused19 = -1; 519 static int hf_kerberos_KDCOptions_unused20 = -1; 520 static int hf_kerberos_KDCOptions_unused21 = -1; 521 static int hf_kerberos_KDCOptions_unused22 = -1; 522 static int hf_kerberos_KDCOptions_unused23 = -1; 523 static int hf_kerberos_KDCOptions_unused24 = -1; 524 static int hf_kerberos_KDCOptions_unused25 = -1; 525 static int hf_kerberos_KDCOptions_disable_transited_check = -1; 526 static int hf_kerberos_KDCOptions_renewable_ok = -1; 527 static int hf_kerberos_KDCOptions_enc_tkt_in_skey = -1; 528 static int hf_kerberos_KDCOptions_unused29 = -1; 529 static int hf_kerberos_KDCOptions_renew = -1; 530 static int hf_kerberos_KDCOptions_validate = -1; 531 static int hf_kerberos_PAC_OPTIONS_FLAGS_claims = -1; 532 static int hf_kerberos_PAC_OPTIONS_FLAGS_branch_aware = -1; 533 static int hf_kerberos_PAC_OPTIONS_FLAGS_forward_to_full_dc = -1; 534 static int hf_kerberos_PAC_OPTIONS_FLAGS_resource_based_constrained_delegation = -1; 535 536 /*--- End of included file: packet-kerberos-hf.c ---*/ 537 #line 296 "./asn1/kerberos/packet-kerberos-template.c" 538 539 /* Initialize the subtree pointers */ 540 static gint ett_kerberos = -1; 541 static gint ett_krb_recordmark = -1; 542 static gint ett_krb_pac = -1; 543 static gint ett_krb_pac_drep = -1; 544 static gint ett_krb_pac_midl_blob = -1; 545 static gint ett_krb_pac_logon_info = -1; 546 static gint ett_krb_pac_credential_info = -1; 547 static gint ett_krb_pac_s4u_delegation_info = -1; 548 static gint ett_krb_pac_upn_dns_info = -1; 549 static gint ett_krb_pac_device_info = -1; 550 static gint ett_krb_pac_server_checksum = -1; 551 static gint ett_krb_pac_privsvr_checksum = -1; 552 static gint ett_krb_pac_client_info_type = -1; 553 static gint ett_krb_pac_ticket_checksum = -1; 554 static gint ett_krb_pa_supported_enctypes = -1; 555 static gint ett_krb_ad_ap_options = -1; 556 static gint ett_kerberos_KERB_TICKET_LOGON = -1; 557 #ifdef HAVE_KERBEROS 558 static gint ett_krb_pa_enc_ts_enc = -1; 559 static gint ett_kerberos_KrbFastFinished = -1; 560 static gint ett_kerberos_KrbFastResponse = -1; 561 static gint ett_kerberos_KrbFastReq = -1; 562 static gint ett_kerberos_FastOptions = -1; 563 #endif 564 565 /*--- Included file: packet-kerberos-ett.c ---*/ 566 #line 1 "./asn1/kerberos/packet-kerberos-ett.c" 567 static gint ett_kerberos_Applications = -1; 568 static gint ett_kerberos_PrincipalName = -1; 569 static gint ett_kerberos_SEQUENCE_OF_KerberosString = -1; 570 static gint ett_kerberos_CName = -1; 571 static gint ett_kerberos_SEQUENCE_OF_CNameString = -1; 572 static gint ett_kerberos_SName = -1; 573 static gint ett_kerberos_SEQUENCE_OF_SNameString = -1; 574 static gint ett_kerberos_HostAddress = -1; 575 static gint ett_kerberos_HostAddresses = -1; 576 static gint ett_kerberos_AuthorizationData = -1; 577 static gint ett_kerberos_AuthorizationData_item = -1; 578 static gint ett_kerberos_PA_DATA = -1; 579 static gint ett_kerberos_EncryptionKey = -1; 580 static gint ett_kerberos_Checksum = -1; 581 static gint ett_kerberos_EncryptedTicketData = -1; 582 static gint ett_kerberos_EncryptedAuthorizationData = -1; 583 static gint ett_kerberos_EncryptedAuthenticator = -1; 584 static gint ett_kerberos_EncryptedKDCREPData = -1; 585 static gint ett_kerberos_EncryptedAPREPData = -1; 586 static gint ett_kerberos_EncryptedKrbPrivData = -1; 587 static gint ett_kerberos_EncryptedKrbCredData = -1; 588 static gint ett_kerberos_Ticket_U = -1; 589 static gint ett_kerberos_EncTicketPart_U = -1; 590 static gint ett_kerberos_TransitedEncoding = -1; 591 static gint ett_kerberos_KDC_REQ = -1; 592 static gint ett_kerberos_SEQUENCE_OF_PA_DATA = -1; 593 static gint ett_kerberos_KDC_REQ_BODY = -1; 594 static gint ett_kerberos_SEQUENCE_OF_ENCTYPE = -1; 595 static gint ett_kerberos_SEQUENCE_OF_Ticket = -1; 596 static gint ett_kerberos_KDC_REP = -1; 597 static gint ett_kerberos_EncKDCRepPart = -1; 598 static gint ett_kerberos_LastReq = -1; 599 static gint ett_kerberos_LastReq_item = -1; 600 static gint ett_kerberos_AP_REQ_U = -1; 601 static gint ett_kerberos_Authenticator_U = -1; 602 static gint ett_kerberos_AP_REP_U = -1; 603 static gint ett_kerberos_EncAPRepPart_U = -1; 604 static gint ett_kerberos_KRB_SAFE_U = -1; 605 static gint ett_kerberos_KRB_SAFE_BODY = -1; 606 static gint ett_kerberos_KRB_PRIV_U = -1; 607 static gint ett_kerberos_EncKrbPrivPart = -1; 608 static gint ett_kerberos_KRB_CRED_U = -1; 609 static gint ett_kerberos_EncKrbCredPart_U = -1; 610 static gint ett_kerberos_SEQUENCE_OF_KrbCredInfo = -1; 611 static gint ett_kerberos_KrbCredInfo = -1; 612 static gint ett_kerberos_KRB_ERROR_U = -1; 613 static gint ett_kerberos_METHOD_DATA = -1; 614 static gint ett_kerberos_PA_ENC_TIMESTAMP = -1; 615 static gint ett_kerberos_ETYPE_INFO_ENTRY = -1; 616 static gint ett_kerberos_ETYPE_INFO = -1; 617 static gint ett_kerberos_ETYPE_INFO2_ENTRY = -1; 618 static gint ett_kerberos_ETYPE_INFO2 = -1; 619 static gint ett_kerberos_TGT_REQ = -1; 620 static gint ett_kerberos_TGT_REP = -1; 621 static gint ett_kerberos_APOptions = -1; 622 static gint ett_kerberos_TicketFlags = -1; 623 static gint ett_kerberos_KDCOptions = -1; 624 static gint ett_kerberos_PA_PAC_REQUEST = -1; 625 static gint ett_kerberos_PA_S4U2Self = -1; 626 static gint ett_kerberos_PA_S4U_X509_USER = -1; 627 static gint ett_kerberos_S4UUserID = -1; 628 static gint ett_kerberos_PAC_OPTIONS_FLAGS = -1; 629 static gint ett_kerberos_PA_PAC_OPTIONS = -1; 630 static gint ett_kerberos_KERB_AD_RESTRICTION_ENTRY_U = -1; 631 static gint ett_kerberos_PA_KERB_KEY_LIST_REQ = -1; 632 static gint ett_kerberos_PA_KERB_KEY_LIST_REP = -1; 633 static gint ett_kerberos_ChangePasswdData = -1; 634 static gint ett_kerberos_PA_AUTHENTICATION_SET_ELEM = -1; 635 static gint ett_kerberos_KrbFastArmor = -1; 636 static gint ett_kerberos_PA_FX_FAST_REQUEST = -1; 637 static gint ett_kerberos_EncryptedKrbFastReq = -1; 638 static gint ett_kerberos_KrbFastArmoredReq = -1; 639 static gint ett_kerberos_PA_FX_FAST_REPLY = -1; 640 static gint ett_kerberos_EncryptedKrbFastResponse = -1; 641 static gint ett_kerberos_KrbFastArmoredRep = -1; 642 static gint ett_kerberos_EncryptedChallenge = -1; 643 static gint ett_kerberos_EncryptedSpakeData = -1; 644 static gint ett_kerberos_EncryptedSpakeResponseData = -1; 645 static gint ett_kerberos_SPAKESupport = -1; 646 static gint ett_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup = -1; 647 static gint ett_kerberos_SPAKEChallenge = -1; 648 static gint ett_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor = -1; 649 static gint ett_kerberos_SPAKESecondFactor = -1; 650 static gint ett_kerberos_SPAKEResponse = -1; 651 static gint ett_kerberos_PA_SPAKE = -1; 652 653 /*--- End of included file: packet-kerberos-ett.c ---*/ 654 #line 323 "./asn1/kerberos/packet-kerberos-template.c" 655 656 static expert_field ei_kerberos_missing_keytype = EI_INIT; 657 static expert_field ei_kerberos_decrypted_keytype = EI_INIT; 658 static expert_field ei_kerberos_learnt_keytype = EI_INIT; 659 static expert_field ei_kerberos_address = EI_INIT; 660 static expert_field ei_krb_gssapi_dlglen = EI_INIT; 661 662 static dissector_handle_t krb4_handle=NULL; 663 664 /* Global variables */ 665 static guint32 gbl_keytype; 666 static gboolean gbl_do_col_info; 667 668 669 /*--- Included file: packet-kerberos-val.h ---*/ 670 #line 1 "./asn1/kerberos/packet-kerberos-val.h" 671 #define id_krb5 "1.3.6.1.5.2" 672 673 typedef enum _KERBEROS_AUTHDATA_TYPE_enum { 674 KERBEROS_AD_IF_RELEVANT = 1, 675 KERBEROS_AD_INTENDED_FOR_SERVER = 2, 676 KERBEROS_AD_INTENDED_FOR_APPLICATION_CLASS = 3, 677 KERBEROS_AD_KDC_ISSUED = 4, 678 KERBEROS_AD_AND_OR = 5, 679 KERBEROS_AD_MANDATORY_TICKET_EXTENSIONS = 6, 680 KERBEROS_AD_IN_TICKET_EXTENSIONS = 7, 681 KERBEROS_AD_MANDATORY_FOR_KDC = 8, 682 KERBEROS_AD_INITIAL_VERIFIED_CAS = 9, 683 KERBEROS_AD_OSF_DCE = 64, 684 KERBEROS_AD_SESAME = 65, 685 KERBEROS_AD_OSF_DCE_PKI_CERTID = 66, 686 KERBEROS_AD_AUTHENTICATION_STRENGTH = 70, 687 KERBEROS_AD_FX_FAST_ARMOR = 71, 688 KERBEROS_AD_FX_FAST_USED = 72, 689 KERBEROS_AD_WIN2K_PAC = 128, 690 KERBEROS_AD_GSS_API_ETYPE_NEGOTIATION = 129, 691 KERBEROS_AD_TOKEN_RESTRICTIONS = 141, 692 KERBEROS_AD_LOCAL = 142, 693 KERBEROS_AD_AP_OPTIONS = 143, 694 KERBEROS_AD_TARGET_PRINCIPAL = 144, 695 KERBEROS_AD_SIGNTICKET_OLDER = -17, 696 KERBEROS_AD_SIGNTICKET = 512 697 } KERBEROS_AUTHDATA_TYPE_enum; 698 699 /* enumerated values for ADDR_TYPE */ 700 #define KERBEROS_ADDR_TYPE_IPV4 2 701 #define KERBEROS_ADDR_TYPE_CHAOS 5 702 #define KERBEROS_ADDR_TYPE_XEROX 6 703 #define KERBEROS_ADDR_TYPE_ISO 7 704 #define KERBEROS_ADDR_TYPE_DECNET 12 705 #define KERBEROS_ADDR_TYPE_APPLETALK 16 706 #define KERBEROS_ADDR_TYPE_NETBIOS 20 707 #define KERBEROS_ADDR_TYPE_IPV6 24 708 709 typedef enum _KERBEROS_PADATA_TYPE_enum { 710 KERBEROS_PA_NONE = 0, 711 KERBEROS_PA_TGS_REQ = 1, 712 KERBEROS_PA_ENC_TIMESTAMP = 2, 713 KERBEROS_PA_PW_SALT = 3, 714 KERBEROS_PA_ENC_UNIX_TIME = 5, 715 KERBEROS_PA_SANDIA_SECUREID = 6, 716 KERBEROS_PA_SESAME = 7, 717 KERBEROS_PA_OSF_DCE = 8, 718 KERBEROS_PA_CYBERSAFE_SECUREID = 9, 719 KERBEROS_PA_AFS3_SALT = 10, 720 KERBEROS_PA_ETYPE_INFO = 11, 721 KERBEROS_PA_SAM_CHALLENGE = 12, 722 KERBEROS_PA_SAM_RESPONSE = 13, 723 KERBEROS_PA_PK_AS_REQ_19 = 14, 724 KERBEROS_PA_PK_AS_REP_19 = 15, 725 KERBEROS_PA_PK_AS_REQ = 16, 726 KERBEROS_PA_PK_AS_REP = 17, 727 KERBEROS_PA_PK_OCSP_RESPONSE = 18, 728 KERBEROS_PA_ETYPE_INFO2 = 19, 729 KERBEROS_PA_USE_SPECIFIED_KVNO = 20, 730 KERBEROS_PA_SAM_REDIRECT = 21, 731 KERBEROS_PA_GET_FROM_TYPED_DATA = 22, 732 KERBEROS_TD_PADATA = 22, 733 KERBEROS_PA_SAM_ETYPE_INFO = 23, 734 KERBEROS_PA_ALT_PRINC = 24, 735 KERBEROS_PA_SERVER_REFERRAL = 25, 736 KERBEROS_PA_SAM_CHALLENGE2 = 30, 737 KERBEROS_PA_SAM_RESPONSE2 = 31, 738 KERBEROS_PA_EXTRA_TGT = 41, 739 KERBEROS_TD_PKINIT_CMS_CERTIFICATES = 101, 740 KERBEROS_TD_KRB_PRINCIPAL = 102, 741 KERBEROS_TD_KRB_REALM = 103, 742 KERBEROS_TD_TRUSTED_CERTIFIERS = 104, 743 KERBEROS_TD_CERTIFICATE_INDEX = 105, 744 KERBEROS_TD_APP_DEFINED_ERROR = 106, 745 KERBEROS_TD_REQ_NONCE = 107, 746 KERBEROS_TD_REQ_SEQ = 108, 747 KERBEROS_TD_DH_PARAMETERS = 109, 748 KERBEROS_TD_CMS_DIGEST_ALGORITHMS = 111, 749 KERBEROS_TD_CERT_DIGEST_ALGORITHMS = 112, 750 KERBEROS_PA_PAC_REQUEST = 128, 751 KERBEROS_PA_FOR_USER = 129, 752 KERBEROS_PA_FOR_X509_USER = 130, 753 KERBEROS_PA_FOR_CHECK_DUPS = 131, 754 KERBEROS_PA_PK_AS_09_BINDING = 132, 755 KERBEROS_PA_FX_COOKIE = 133, 756 KERBEROS_PA_AUTHENTICATION_SET = 134, 757 KERBEROS_PA_AUTH_SET_SELECTED = 135, 758 KERBEROS_PA_FX_FAST = 136, 759 KERBEROS_PA_FX_ERROR = 137, 760 KERBEROS_PA_ENCRYPTED_CHALLENGE = 138, 761 KERBEROS_PA_OTP_CHALLENGE = 141, 762 KERBEROS_PA_OTP_REQUEST = 142, 763 KERBEROS_PA_OTP_CONFIRM = 143, 764 KERBEROS_PA_OTP_PIN_CHANGE = 144, 765 KERBEROS_PA_EPAK_AS_REQ = 145, 766 KERBEROS_PA_EPAK_AS_REP = 146, 767 KERBEROS_PA_PKINIT_KX = 147, 768 KERBEROS_PA_PKU2U_NAME = 148, 769 KERBEROS_PA_REQ_ENC_PA_REP = 149, 770 KERBEROS_PA_SPAKE = 151, 771 KERBEROS_PA_KERB_KEY_LIST_REQ = 161, 772 KERBEROS_PA_KERB_KEY_LIST_REP = 162, 773 KERBEROS_PA_SUPPORTED_ETYPES = 165, 774 KERBEROS_PA_EXTENDED_ERROR = 166, 775 KERBEROS_PA_PAC_OPTIONS = 167, 776 KERBEROS_PA_PROV_SRV_LOCATION = -1 777 } KERBEROS_PADATA_TYPE_enum; 778 779 typedef enum _KERBEROS_KRBFASTARMORTYPES_enum { 780 KERBEROS_FX_FAST_RESERVED = 0, 781 KERBEROS_FX_FAST_ARMOR_AP_REQUEST = 1 782 } KERBEROS_KRBFASTARMORTYPES_enum; 783 784 /*--- End of included file: packet-kerberos-val.h ---*/ 785 #line 337 "./asn1/kerberos/packet-kerberos-template.c" 786 787 static void 788 call_kerberos_callbacks(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int tag, kerberos_callbacks *cb) 789 { 790 if(!cb){ 791 return; 792 } 793 794 while(cb->tag){ 795 if(cb->tag==tag){ 796 cb->callback(pinfo, tvb, tree); 797 return; 798 } 799 cb++; 800 } 801 return; 802 } 803 804 static kerberos_private_data_t* 805 kerberos_new_private_data(packet_info *pinfo) 806 { 807 kerberos_private_data_t *p; 808 809 p = wmem_new0(pinfo->pool, kerberos_private_data_t); 810 if (p == NULL) { 811 return NULL; 812 } 813 814 p->decryption_keys = wmem_list_new(pinfo->pool); 815 p->learnt_keys = wmem_list_new(pinfo->pool); 816 p->missing_keys = wmem_list_new(pinfo->pool); 817 818 return p; 819 } 820 821 static kerberos_private_data_t* 822 kerberos_get_private_data(asn1_ctx_t *actx) 823 { 824 if (!actx->private_data) { 825 actx->private_data = kerberos_new_private_data(actx->pinfo); 826 } 827 return (kerberos_private_data_t *)(actx->private_data); 828 } 829 830 static gboolean 831 kerberos_private_is_kdc_req(kerberos_private_data_t *private_data) 832 { 833 switch (private_data->msg_type) { 834 case KERBEROS_APPLICATIONS_AS_REQ: 835 case KERBEROS_APPLICATIONS_TGS_REQ: 836 return TRUE; 837 } 838 839 return FALSE; 840 } 841 842 gboolean 843 kerberos_is_win2k_pkinit(asn1_ctx_t *actx) 844 { 845 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 846 847 return private_data->is_win2k_pkinit; 848 } 849 850 #ifdef HAVE_KERBEROS 851 852 /* Decrypt Kerberos blobs */ 853 gboolean krb_decrypt = FALSE; 854 855 /* keytab filename */ 856 static const char *keytab_filename = ""; 857 858 void 859 read_keytab_file_from_preferences(void) 860 { 861 static char *last_keytab = NULL; 862 863 if (!krb_decrypt) { 864 return; 865 } 866 867 if (keytab_filename == NULL) { 868 return; 869 } 870 871 if (last_keytab && !strcmp(last_keytab, keytab_filename)) { 872 return; 873 } 874 875 g_free(last_keytab); 876 last_keytab = g_strdup(keytab_filename); 877 878 read_keytab_file(last_keytab); 879 } 880 #endif /* HAVE_KERBEROS */ 881 882 #if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS) 883 enc_key_t *enc_key_list=NULL; 884 static guint kerberos_longterm_ids = 0; 885 wmem_map_t *kerberos_longterm_keys = NULL; 886 static wmem_map_t *kerberos_all_keys = NULL; 887 static wmem_map_t *kerberos_app_session_keys = NULL; 888 889 static gboolean 890 enc_key_list_cb(wmem_allocator_t* allocator _U_, wmem_cb_event_t event _U_, void *user_data _U_) 891 { 892 enc_key_list = NULL; 893 kerberos_longterm_ids = 0; 894 /* keep the callback registered */ 895 return TRUE; 896 } 897 898 static gint enc_key_cmp_id(gconstpointer k1, gconstpointer k2) 899 { 900 const enc_key_t *key1 = (const enc_key_t *)k1; 901 const enc_key_t *key2 = (const enc_key_t *)k2; 902 903 if (key1->fd_num < key2->fd_num) { 904 return -1; 905 } 906 if (key1->fd_num > key2->fd_num) { 907 return 1; 908 } 909 910 if (key1->id < key2->id) { 911 return -1; 912 } 913 if (key1->id > key2->id) { 914 return 1; 915 } 916 917 return 0; 918 } 919 920 static gboolean 921 enc_key_content_equal(gconstpointer k1, gconstpointer k2) 922 { 923 const enc_key_t *key1 = (const enc_key_t *)k1; 924 const enc_key_t *key2 = (const enc_key_t *)k2; 925 int cmp; 926 927 if (key1->keytype != key2->keytype) { 928 return FALSE; 929 } 930 931 if (key1->keylength != key2->keylength) { 932 return FALSE; 933 } 934 935 cmp = memcmp(key1->keyvalue, key2->keyvalue, key1->keylength); 936 if (cmp != 0) { 937 return FALSE; 938 } 939 940 return TRUE; 941 } 942 943 static guint 944 enc_key_content_hash(gconstpointer k) 945 { 946 const enc_key_t *key = (const enc_key_t *)k; 947 guint ret = 0; 948 949 ret += wmem_strong_hash((const guint8 *)&key->keytype, 950 sizeof(key->keytype)); 951 ret += wmem_strong_hash((const guint8 *)&key->keylength, 952 sizeof(key->keylength)); 953 ret += wmem_strong_hash((const guint8 *)key->keyvalue, 954 key->keylength); 955 956 return ret; 957 } 958 959 static void 960 kerberos_key_map_insert(wmem_map_t *key_map, enc_key_t *new_key) 961 { 962 enc_key_t *existing = NULL; 963 enc_key_t *cur = NULL; 964 gint cmp; 965 966 existing = (enc_key_t *)wmem_map_lookup(key_map, new_key); 967 if (existing == NULL) { 968 wmem_map_insert(key_map, new_key, new_key); 969 return; 970 } 971 972 if (key_map != kerberos_all_keys) { 973 /* 974 * It should already be linked to the existing key... 975 */ 976 return; 977 } 978 979 if (existing->fd_num == -1 && new_key->fd_num != -1) { 980 /* 981 * We can't reference a learnt key 982 * from a longterm key. As they have 983 * a shorter lifetime. 984 * 985 * So just let the learnt key remember the 986 * match. 987 */ 988 new_key->same_list = existing; 989 new_key->num_same = existing->num_same + 1; 990 return; 991 } 992 993 /* 994 * If a key with the same content (keytype,keylength,keyvalue) 995 * already exists, we want the earliest key to be 996 * in the list. 997 */ 998 cmp = enc_key_cmp_id(new_key, existing); 999 if (cmp == 0) { 1000 /* 1001 * It's the same, nothing to do... 1002 */ 1003 return; 1004 } 1005 if (cmp < 0) { 1006 /* The new key has should be added to the list. */ 1007 new_key->same_list = existing; 1008 new_key->num_same = existing->num_same + 1; 1009 wmem_map_insert(key_map, new_key, new_key); 1010 return; 1011 } 1012 1013 /* 1014 * We want to link the new_key to the existing one. 1015 * 1016 * But we want keep the list sorted, so we need to forward 1017 * to the correct spot. 1018 */ 1019 for (cur = existing; cur->same_list != NULL; cur = cur->same_list) { 1020 cmp = enc_key_cmp_id(new_key, cur->same_list); 1021 if (cmp == 0) { 1022 /* 1023 * It's the same, nothing to do... 1024 */ 1025 return; 1026 } 1027 1028 if (cmp < 0) { 1029 /* 1030 * We found the correct spot, 1031 * the new_key should added 1032 * between existing and existing->same_list 1033 */ 1034 new_key->same_list = cur->same_list; 1035 new_key->num_same = cur->num_same; 1036 break; 1037 } 1038 } 1039 1040 /* 1041 * finally link new_key to existing 1042 * and fix up the numbers 1043 */ 1044 cur->same_list = new_key; 1045 for (cur = existing; cur != new_key; cur = cur->same_list) { 1046 cur->num_same += 1; 1047 } 1048 1049 return; 1050 } 1051 1052 struct insert_longterm_keys_into_key_map_state { 1053 wmem_map_t *key_map; 1054 }; 1055 1056 static void insert_longterm_keys_into_key_map_cb(gpointer __key _U_, 1057 gpointer value, 1058 gpointer user_data) 1059 { 1060 struct insert_longterm_keys_into_key_map_state *state = 1061 (struct insert_longterm_keys_into_key_map_state *)user_data; 1062 enc_key_t *key = (enc_key_t *)value; 1063 1064 kerberos_key_map_insert(state->key_map, key); 1065 } 1066 1067 static void insert_longterm_keys_into_key_map(wmem_map_t *key_map) 1068 { 1069 /* 1070 * Because the kerberos_longterm_keys are allocated on 1071 * wmem_epan_scope() and kerberos_all_keys are allocated 1072 * on wmem_file_scope(), we need to plug the longterm keys 1073 * back to kerberos_all_keys if a new file was loaded 1074 * and wmem_file_scope() got cleared. 1075 */ 1076 if (wmem_map_size(key_map) < wmem_map_size(kerberos_longterm_keys)) { 1077 struct insert_longterm_keys_into_key_map_state state = { 1078 .key_map = key_map, 1079 }; 1080 /* 1081 * Reference all longterm keys into kerberos_all_keys 1082 */ 1083 wmem_map_foreach(kerberos_longterm_keys, 1084 insert_longterm_keys_into_key_map_cb, 1085 &state); 1086 } 1087 } 1088 1089 static void 1090 kerberos_key_list_append(wmem_list_t *key_list, enc_key_t *new_key) 1091 { 1092 enc_key_t *existing = NULL; 1093 1094 existing = (enc_key_t *)wmem_list_find(key_list, new_key); 1095 if (existing != NULL) { 1096 return; 1097 } 1098 1099 wmem_list_append(key_list, new_key); 1100 } 1101 1102 static void 1103 add_encryption_key(packet_info *pinfo, 1104 kerberos_private_data_t *private_data, 1105 proto_tree *key_tree, 1106 proto_item *key_hidden_item, 1107 tvbuff_t *key_tvb, 1108 int keytype, int keylength, const char *keyvalue, 1109 const char *origin, 1110 enc_key_t *src1, enc_key_t *src2) 1111 { 1112 wmem_allocator_t *key_scope = NULL; 1113 enc_key_t *new_key = NULL; 1114 const char *methodl = "learnt"; 1115 const char *methodu = "Learnt"; 1116 proto_item *item = NULL; 1117 1118 private_data->last_added_key = NULL; 1119 1120 if (src1 != NULL && src2 != NULL) { 1121 methodl = "derived"; 1122 methodu = "Derived"; 1123 } 1124 1125 if(pinfo->fd->visited){ 1126 /* 1127 * We already processed this, 1128 * we can use a shortterm scope 1129 */ 1130 key_scope = pinfo->pool; 1131 } else { 1132 /* 1133 * As long as we have enc_key_list, we need to 1134 * use wmem_epan_scope(), when that's gone 1135 * we can dynamically select the scope based on 1136 * how long we'll need the particular key. 1137 */ 1138 key_scope = wmem_epan_scope(); 1139 } 1140 1141 new_key = wmem_new0(key_scope, enc_key_t); 1142 g_snprintf(new_key->key_origin, KRB_MAX_ORIG_LEN, "%s %s in frame %u", 1143 methodl, origin, pinfo->num); 1144 new_key->fd_num = pinfo->num; 1145 new_key->id = ++private_data->learnt_key_ids; 1146 g_snprintf(new_key->id_str, KRB_MAX_ID_STR_LEN, "%d.%u", 1147 new_key->fd_num, new_key->id); 1148 new_key->keytype=keytype; 1149 new_key->keylength=keylength; 1150 memcpy(new_key->keyvalue, keyvalue, MIN(keylength, KRB_MAX_KEY_LENGTH)); 1151 new_key->src1 = src1; 1152 new_key->src2 = src2; 1153 1154 if(!pinfo->fd->visited){ 1155 /* 1156 * Only keep it if we don't processed it before. 1157 */ 1158 new_key->next=enc_key_list; 1159 enc_key_list=new_key; 1160 insert_longterm_keys_into_key_map(kerberos_all_keys); 1161 kerberos_key_map_insert(kerberos_all_keys, new_key); 1162 } 1163 1164 item = proto_tree_add_expert_format(key_tree, pinfo, &ei_kerberos_learnt_keytype, 1165 key_tvb, 0, keylength, 1166 "%s %s keytype %d (id=%d.%u) (%02x%02x%02x%02x...)", 1167 methodu, origin, keytype, pinfo->num, new_key->id, 1168 keyvalue[0] & 0xFF, keyvalue[1] & 0xFF, 1169 keyvalue[2] & 0xFF, keyvalue[3] & 0xFF); 1170 if (item != NULL && key_hidden_item != NULL) { 1171 proto_tree_move_item(key_tree, key_hidden_item, item); 1172 } 1173 if (src1 != NULL) { 1174 enc_key_t *sek = src1; 1175 expert_add_info_format(pinfo, item, &ei_kerberos_learnt_keytype, 1176 "SRC1 %s keytype %d (id=%s same=%u) (%02x%02x%02x%02x...)", 1177 sek->key_origin, sek->keytype, 1178 sek->id_str, sek->num_same, 1179 sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF, 1180 sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF); 1181 } 1182 if (src2 != NULL) { 1183 enc_key_t *sek = src2; 1184 expert_add_info_format(pinfo, item, &ei_kerberos_learnt_keytype, 1185 "SRC2 %s keytype %d (id=%s same=%u) (%02x%02x%02x%02x...)", 1186 sek->key_origin, sek->keytype, 1187 sek->id_str, sek->num_same, 1188 sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF, 1189 sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF); 1190 } 1191 1192 kerberos_key_list_append(private_data->learnt_keys, new_key); 1193 private_data->last_added_key = new_key; 1194 } 1195 1196 static void 1197 save_encryption_key(tvbuff_t *tvb _U_, int offset _U_, int length _U_, 1198 asn1_ctx_t *actx _U_, proto_tree *tree _U_, 1199 int parent_hf_index _U_, 1200 int hf_index _U_) 1201 { 1202 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 1203 const char *parent = proto_registrar_get_name(parent_hf_index); 1204 const char *element = proto_registrar_get_name(hf_index); 1205 char origin[KRB_MAX_ORIG_LEN] = { 0, }; 1206 1207 g_snprintf(origin, KRB_MAX_ORIG_LEN, "%s_%s", parent, element); 1208 1209 add_encryption_key(actx->pinfo, 1210 private_data, 1211 private_data->key_tree, 1212 private_data->key_hidden_item, 1213 private_data->key_tvb, 1214 private_data->key.keytype, 1215 private_data->key.keylength, 1216 private_data->key.keyvalue, 1217 origin, 1218 NULL, 1219 NULL); 1220 } 1221 1222 static void 1223 save_Authenticator_subkey(tvbuff_t *tvb, int offset, int length, 1224 asn1_ctx_t *actx, proto_tree *tree, 1225 int parent_hf_index, 1226 int hf_index) 1227 { 1228 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 1229 1230 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index); 1231 1232 if (private_data->last_decryption_key == NULL) { 1233 return; 1234 } 1235 if (private_data->last_added_key == NULL) { 1236 return; 1237 } 1238 1239 if (private_data->within_PA_TGS_REQ != 0) { 1240 private_data->PA_TGS_REQ_key = private_data->last_decryption_key; 1241 private_data->PA_TGS_REQ_subkey = private_data->last_added_key; 1242 } 1243 if (private_data->fast_armor_within_armor_value != 0) { 1244 private_data->PA_FAST_ARMOR_AP_key = private_data->last_decryption_key; 1245 private_data->PA_FAST_ARMOR_AP_subkey = private_data->last_added_key; 1246 } 1247 } 1248 1249 static void 1250 save_EncAPRepPart_subkey(tvbuff_t *tvb, int offset, int length, 1251 asn1_ctx_t *actx, proto_tree *tree, 1252 int parent_hf_index, 1253 int hf_index) 1254 { 1255 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 1256 1257 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index); 1258 1259 if (actx->pinfo->fd->visited) { 1260 return; 1261 } 1262 1263 if (private_data->last_added_key == NULL) { 1264 return; 1265 } 1266 1267 kerberos_key_map_insert(kerberos_app_session_keys, private_data->last_added_key); 1268 } 1269 1270 static void 1271 save_EncKDCRepPart_key(tvbuff_t *tvb, int offset, int length, 1272 asn1_ctx_t *actx, proto_tree *tree, 1273 int parent_hf_index, 1274 int hf_index) 1275 { 1276 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index); 1277 } 1278 1279 static void 1280 save_EncTicketPart_key(tvbuff_t *tvb, int offset, int length, 1281 asn1_ctx_t *actx, proto_tree *tree, 1282 int parent_hf_index, 1283 int hf_index) 1284 { 1285 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index); 1286 } 1287 1288 static void 1289 save_KrbCredInfo_key(tvbuff_t *tvb, int offset, int length, 1290 asn1_ctx_t *actx, proto_tree *tree, 1291 int parent_hf_index, 1292 int hf_index) 1293 { 1294 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index); 1295 } 1296 1297 static void 1298 save_KrbFastResponse_strengthen_key(tvbuff_t *tvb, int offset, int length, 1299 asn1_ctx_t *actx, proto_tree *tree, 1300 int parent_hf_index, 1301 int hf_index) 1302 { 1303 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 1304 1305 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index); 1306 1307 private_data->fast_strengthen_key = private_data->last_added_key; 1308 } 1309 1310 static void used_encryption_key(proto_tree *tree, packet_info *pinfo, 1311 kerberos_private_data_t *private_data, 1312 enc_key_t *ek, int usage, tvbuff_t *cryptotvb, 1313 const char *keymap_name, 1314 guint keymap_size, 1315 guint decryption_count) 1316 { 1317 proto_item *item = NULL; 1318 enc_key_t *sek = NULL; 1319 1320 item = proto_tree_add_expert_format(tree, pinfo, &ei_kerberos_decrypted_keytype, 1321 cryptotvb, 0, 0, 1322 "Decrypted keytype %d usage %d " 1323 "using %s (id=%s same=%u) (%02x%02x%02x%02x...)", 1324 ek->keytype, usage, ek->key_origin, ek->id_str, ek->num_same, 1325 ek->keyvalue[0] & 0xFF, ek->keyvalue[1] & 0xFF, 1326 ek->keyvalue[2] & 0xFF, ek->keyvalue[3] & 0xFF); 1327 expert_add_info_format(pinfo, item, &ei_kerberos_decrypted_keytype, 1328 "Used keymap=%s num_keys=%u num_tries=%u)", 1329 keymap_name, 1330 keymap_size, 1331 decryption_count); 1332 if (ek->src1 != NULL) { 1333 sek = ek->src1; 1334 expert_add_info_format(pinfo, item, &ei_kerberos_decrypted_keytype, 1335 "SRC1 %s keytype %d (id=%s same=%u) (%02x%02x%02x%02x...)", 1336 sek->key_origin, sek->keytype, 1337 sek->id_str, sek->num_same, 1338 sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF, 1339 sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF); 1340 } 1341 if (ek->src2 != NULL) { 1342 sek = ek->src2; 1343 expert_add_info_format(pinfo, item, &ei_kerberos_decrypted_keytype, 1344 "SRC2 %s keytype %d (id=%s same=%u) (%02x%02x%02x%02x...)", 1345 sek->key_origin, sek->keytype, 1346 sek->id_str, sek->num_same, 1347 sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF, 1348 sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF); 1349 } 1350 sek = ek->same_list; 1351 while (sek != NULL) { 1352 expert_add_info_format(pinfo, item, &ei_kerberos_decrypted_keytype, 1353 "Decrypted keytype %d usage %d " 1354 "using %s (id=%s same=%u) (%02x%02x%02x%02x...)", 1355 sek->keytype, usage, sek->key_origin, sek->id_str, sek->num_same, 1356 sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF, 1357 sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF); 1358 sek = sek->same_list; 1359 } 1360 kerberos_key_list_append(private_data->decryption_keys, ek); 1361 private_data->last_decryption_key = ek; 1362 } 1363 #endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */ 1364 1365 #ifdef HAVE_MIT_KERBEROS 1366 1367 static void missing_encryption_key(proto_tree *tree, packet_info *pinfo, 1368 kerberos_private_data_t *private_data, 1369 int keytype, int usage, tvbuff_t *cryptotvb, 1370 const char *keymap_name, 1371 guint keymap_size, 1372 guint decryption_count) 1373 { 1374 proto_item *item = NULL; 1375 enc_key_t *mek = NULL; 1376 1377 mek = wmem_new0(pinfo->pool, enc_key_t); 1378 g_snprintf(mek->key_origin, KRB_MAX_ORIG_LEN, 1379 "keytype %d usage %d missing in frame %u", 1380 keytype, usage, pinfo->num); 1381 mek->fd_num = pinfo->num; 1382 mek->id = ++private_data->missing_key_ids; 1383 g_snprintf(mek->id_str, KRB_MAX_ID_STR_LEN, "missing.%u", 1384 mek->id); 1385 mek->keytype=keytype; 1386 1387 item = proto_tree_add_expert_format(tree, pinfo, &ei_kerberos_missing_keytype, 1388 cryptotvb, 0, 0, 1389 "Missing keytype %d usage %d (id=%s)", 1390 keytype, usage, mek->id_str); 1391 expert_add_info_format(pinfo, item, &ei_kerberos_missing_keytype, 1392 "Used keymap=%s num_keys=%u num_tries=%u)", 1393 keymap_name, 1394 keymap_size, 1395 decryption_count); 1396 1397 kerberos_key_list_append(private_data->missing_keys, mek); 1398 } 1399 1400 #ifdef HAVE_KRB5_PAC_VERIFY 1401 static void used_signing_key(proto_tree *tree, packet_info *pinfo, 1402 kerberos_private_data_t *private_data, 1403 enc_key_t *ek, tvbuff_t *tvb, 1404 krb5_cksumtype checksum, 1405 const char *reason, 1406 const char *keymap_name, 1407 guint keymap_size, 1408 guint verify_count) 1409 { 1410 proto_item *item = NULL; 1411 enc_key_t *sek = NULL; 1412 1413 item = proto_tree_add_expert_format(tree, pinfo, &ei_kerberos_decrypted_keytype, 1414 tvb, 0, 0, 1415 "%s checksum %d keytype %d " 1416 "using %s (id=%s same=%u) (%02x%02x%02x%02x...)", 1417 reason, checksum, ek->keytype, ek->key_origin, 1418 ek->id_str, ek->num_same, 1419 ek->keyvalue[0] & 0xFF, ek->keyvalue[1] & 0xFF, 1420 ek->keyvalue[2] & 0xFF, ek->keyvalue[3] & 0xFF); 1421 expert_add_info_format(pinfo, item, &ei_kerberos_decrypted_keytype, 1422 "Used keymap=%s num_keys=%u num_tries=%u)", 1423 keymap_name, 1424 keymap_size, 1425 verify_count); 1426 sek = ek->same_list; 1427 while (sek != NULL) { 1428 expert_add_info_format(pinfo, item, &ei_kerberos_decrypted_keytype, 1429 "%s checksum %d keytype %d " 1430 "using %s (id=%s same=%u) (%02x%02x%02x%02x...)", 1431 reason, checksum, sek->keytype, sek->key_origin, 1432 sek->id_str, sek->num_same, 1433 sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF, 1434 sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF); 1435 sek = sek->same_list; 1436 } 1437 kerberos_key_list_append(private_data->decryption_keys, ek); 1438 } 1439 1440 static void missing_signing_key(proto_tree *tree, packet_info *pinfo, 1441 kerberos_private_data_t *private_data, 1442 tvbuff_t *tvb, 1443 krb5_cksumtype checksum, 1444 int keytype, 1445 const char *reason, 1446 const char *keymap_name, 1447 guint keymap_size, 1448 guint verify_count) 1449 { 1450 proto_item *item = NULL; 1451 enc_key_t *mek = NULL; 1452 1453 mek = wmem_new0(pinfo->pool, enc_key_t); 1454 g_snprintf(mek->key_origin, KRB_MAX_ORIG_LEN, 1455 "checksum %d keytype %d missing in frame %u", 1456 checksum, keytype, pinfo->num); 1457 mek->fd_num = pinfo->num; 1458 mek->id = ++private_data->missing_key_ids; 1459 g_snprintf(mek->id_str, KRB_MAX_ID_STR_LEN, "missing.%u", 1460 mek->id); 1461 mek->keytype=keytype; 1462 1463 item = proto_tree_add_expert_format(tree, pinfo, &ei_kerberos_missing_keytype, 1464 tvb, 0, 0, 1465 "%s checksum %d keytype %d (id=%s)", 1466 reason, checksum, keytype, mek->id_str); 1467 expert_add_info_format(pinfo, item, &ei_kerberos_missing_keytype, 1468 "Used keymap=%s num_keys=%u num_tries=%u)", 1469 keymap_name, 1470 keymap_size, 1471 verify_count); 1472 1473 kerberos_key_list_append(private_data->missing_keys, mek); 1474 } 1475 1476 #endif /* HAVE_KRB5_PAC_VERIFY */ 1477 1478 static krb5_context krb5_ctx; 1479 1480 #ifdef HAVE_KRB5_C_FX_CF2_SIMPLE 1481 static void 1482 krb5_fast_key(asn1_ctx_t *actx, proto_tree *tree, tvbuff_t *tvb, 1483 enc_key_t *ek1 _U_, const char *p1 _U_, 1484 enc_key_t *ek2 _U_, const char *p2 _U_, 1485 const char *origin _U_) 1486 { 1487 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 1488 krb5_error_code ret; 1489 krb5_keyblock k1; 1490 krb5_keyblock k2; 1491 krb5_keyblock *k = NULL; 1492 1493 if (!krb_decrypt) { 1494 return; 1495 } 1496 1497 if (ek1 == NULL) { 1498 return; 1499 } 1500 1501 if (ek2 == NULL) { 1502 return; 1503 } 1504 1505 k1.magic = KV5M_KEYBLOCK; 1506 k1.enctype = ek1->keytype; 1507 k1.length = ek1->keylength; 1508 k1.contents = (guint8 *)ek1->keyvalue; 1509 1510 k2.magic = KV5M_KEYBLOCK; 1511 k2.enctype = ek2->keytype; 1512 k2.length = ek2->keylength; 1513 k2.contents = (guint8 *)ek2->keyvalue; 1514 1515 ret = krb5_c_fx_cf2_simple(krb5_ctx, &k1, p1, &k2, p2, &k); 1516 if (ret != 0) { 1517 return; 1518 } 1519 1520 add_encryption_key(actx->pinfo, 1521 private_data, 1522 tree, NULL, tvb, 1523 k->enctype, k->length, 1524 (const char *)k->contents, 1525 origin, 1526 ek1, ek2); 1527 1528 krb5_free_keyblock(krb5_ctx, k); 1529 } 1530 #else /* HAVE_KRB5_C_FX_CF2_SIMPLE */ 1531 static void 1532 krb5_fast_key(asn1_ctx_t *actx _U_, proto_tree *tree _U_, tvbuff_t *tvb _U_, 1533 enc_key_t *ek1 _U_, const char *p1 _U_, 1534 enc_key_t *ek2 _U_, const char *p2 _U_, 1535 const char *origin _U_) 1536 { 1537 } 1538 #endif /* HAVE_KRB5_C_FX_CF2_SIMPLE */ 1539 1540 USES_APPLE_DEPRECATED_API 1541 void 1542 read_keytab_file(const char *filename) 1543 { 1544 krb5_keytab keytab; 1545 krb5_error_code ret; 1546 krb5_keytab_entry key; 1547 krb5_kt_cursor cursor; 1548 static gboolean first_time=TRUE; 1549 1550 if (filename == NULL || filename[0] == 0) { 1551 return; 1552 } 1553 1554 if(first_time){ 1555 first_time=FALSE; 1556 ret = krb5_init_context(&krb5_ctx); 1557 if(ret && ret != KRB5_CONFIG_CANTOPEN){ 1558 return; 1559 } 1560 } 1561 1562 /* should use a file in the wireshark users dir */ 1563 ret = krb5_kt_resolve(krb5_ctx, filename, &keytab); 1564 if(ret){ 1565 fprintf(stderr, "KERBEROS ERROR: Badly formatted keytab filename :%s\n",filename); 1566 1567 return; 1568 } 1569 1570 ret = krb5_kt_start_seq_get(krb5_ctx, keytab, &cursor); 1571 if(ret){ 1572 fprintf(stderr, "KERBEROS ERROR: Could not open or could not read from keytab file :%s\n",filename); 1573 return; 1574 } 1575 1576 do{ 1577 ret = krb5_kt_next_entry(krb5_ctx, keytab, &key, &cursor); 1578 if(ret==0){ 1579 enc_key_t *new_key; 1580 int i; 1581 char *pos; 1582 1583 new_key = wmem_new0(wmem_epan_scope(), enc_key_t); 1584 new_key->fd_num = -1; 1585 new_key->id = ++kerberos_longterm_ids; 1586 g_snprintf(new_key->id_str, KRB_MAX_ID_STR_LEN, "keytab.%u", new_key->id); 1587 new_key->next = enc_key_list; 1588 1589 /* generate origin string, describing where this key came from */ 1590 pos=new_key->key_origin; 1591 pos+=MIN(KRB_MAX_ORIG_LEN, 1592 g_snprintf(pos, KRB_MAX_ORIG_LEN, "keytab principal ")); 1593 for(i=0;i<key.principal->length;i++){ 1594 pos+=MIN(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), 1595 g_snprintf(pos, (gulong)(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin)), "%s%s",(i?"/":""),(key.principal->data[i]).data)); 1596 } 1597 pos+=MIN(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), 1598 g_snprintf(pos, (gulong)(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin)), "@%s",key.principal->realm.data)); 1599 *pos=0; 1600 new_key->keytype=key.key.enctype; 1601 new_key->keylength=key.key.length; 1602 memcpy(new_key->keyvalue, 1603 key.key.contents, 1604 MIN(key.key.length, KRB_MAX_KEY_LENGTH)); 1605 1606 enc_key_list=new_key; 1607 ret = krb5_free_keytab_entry_contents(krb5_ctx, &key); 1608 if (ret) { 1609 fprintf(stderr, "KERBEROS ERROR: Could not release the entry: %d", ret); 1610 ret = 0; /* try to continue with the next entry */ 1611 } 1612 kerberos_key_map_insert(kerberos_longterm_keys, new_key); 1613 } 1614 }while(ret==0); 1615 1616 ret = krb5_kt_end_seq_get(krb5_ctx, keytab, &cursor); 1617 if(ret){ 1618 fprintf(stderr, "KERBEROS ERROR: Could not release the keytab cursor: %d", ret); 1619 } 1620 ret = krb5_kt_close(krb5_ctx, keytab); 1621 if(ret){ 1622 fprintf(stderr, "KERBEROS ERROR: Could not close the key table handle: %d", ret); 1623 } 1624 } 1625 1626 struct decrypt_krb5_with_cb_state { 1627 proto_tree *tree; 1628 packet_info *pinfo; 1629 kerberos_private_data_t *private_data; 1630 int usage; 1631 int keytype; 1632 tvbuff_t *cryptotvb; 1633 krb5_error_code (*decrypt_cb_fn)( 1634 const krb5_keyblock *key, 1635 int usage, 1636 void *decrypt_cb_data); 1637 void *decrypt_cb_data; 1638 guint count; 1639 enc_key_t *ek; 1640 }; 1641 1642 static void 1643 decrypt_krb5_with_cb_try_key(gpointer __key _U_, gpointer value, gpointer userdata) 1644 { 1645 struct decrypt_krb5_with_cb_state *state = 1646 (struct decrypt_krb5_with_cb_state *)userdata; 1647 enc_key_t *ek = (enc_key_t *)value; 1648 krb5_error_code ret; 1649 krb5_keytab_entry key; 1650 #ifdef HAVE_KRB5_C_FX_CF2_SIMPLE 1651 enc_key_t *ak = state->private_data->fast_armor_key; 1652 enc_key_t *sk = state->private_data->fast_strengthen_key; 1653 gboolean try_with_armor_key = FALSE; 1654 gboolean try_with_strengthen_key = FALSE; 1655 #endif 1656 1657 if (state->ek != NULL) { 1658 /* 1659 * we're done. 1660 */ 1661 return; 1662 } 1663 1664 #ifdef HAVE_KRB5_C_FX_CF2_SIMPLE 1665 if (ak != NULL && ak != ek && ak->keytype == state->keytype && ek->fd_num == -1) { 1666 switch (state->usage) { 1667 case KEY_USAGE_ENC_CHALLENGE_CLIENT: 1668 case KEY_USAGE_ENC_CHALLENGE_KDC: 1669 if (ek->fd_num == -1) { 1670 /* Challenges are based on a long term key */ 1671 try_with_armor_key = TRUE; 1672 } 1673 break; 1674 } 1675 1676 /* 1677 * If we already have a strengthen_key 1678 * we don't need to try with the armor key 1679 * again 1680 */ 1681 if (sk != NULL) { 1682 try_with_armor_key = FALSE; 1683 } 1684 } 1685 1686 if (sk != NULL && sk != ek && sk->keytype == state->keytype && sk->keytype == ek->keytype) { 1687 switch (state->usage) { 1688 case 3: 1689 if (ek->fd_num == -1) { 1690 /* AS-REP is based on a long term key */ 1691 try_with_strengthen_key = TRUE; 1692 } 1693 break; 1694 case 8: 1695 case 9: 1696 if (ek->fd_num != -1) { 1697 /* TGS-REP is not based on a long term key */ 1698 try_with_strengthen_key = TRUE; 1699 } 1700 break; 1701 } 1702 } 1703 1704 if (try_with_armor_key) { 1705 krb5_keyblock k1; 1706 krb5_keyblock k2; 1707 krb5_keyblock *k = NULL; 1708 const char *p1 = NULL; 1709 1710 k1.magic = KV5M_KEYBLOCK; 1711 k1.enctype = ak->keytype; 1712 k1.length = ak->keylength; 1713 k1.contents = (guint8 *)ak->keyvalue; 1714 1715 k2.magic = KV5M_KEYBLOCK; 1716 k2.enctype = ek->keytype; 1717 k2.length = ek->keylength; 1718 k2.contents = (guint8 *)ek->keyvalue; 1719 1720 switch (state->usage) { 1721 case KEY_USAGE_ENC_CHALLENGE_CLIENT: 1722 p1 = "clientchallengearmor"; 1723 break; 1724 case KEY_USAGE_ENC_CHALLENGE_KDC: 1725 p1 = "kdcchallengearmor"; 1726 break; 1727 default: 1728 /* 1729 * Should never be called! 1730 */ 1731 /* 1732 * try the next one... 1733 */ 1734 return; 1735 } 1736 1737 ret = krb5_c_fx_cf2_simple(krb5_ctx, 1738 &k1, p1, 1739 &k2, "challengelongterm", 1740 &k); 1741 if (ret != 0) { 1742 /* 1743 * try the next one... 1744 */ 1745 return; 1746 } 1747 1748 state->count += 1; 1749 ret = state->decrypt_cb_fn(k, 1750 state->usage, 1751 state->decrypt_cb_data); 1752 if (ret == 0) { 1753 add_encryption_key(state->pinfo, 1754 state->private_data, 1755 state->tree, 1756 NULL, 1757 state->cryptotvb, 1758 k->enctype, k->length, 1759 (const char *)k->contents, 1760 p1, 1761 ak, ek); 1762 krb5_free_keyblock(krb5_ctx, k); 1763 /* 1764 * remember the key and stop traversing 1765 */ 1766 state->ek = state->private_data->last_added_key; 1767 return; 1768 } 1769 krb5_free_keyblock(krb5_ctx, k); 1770 /* 1771 * don't stop traversing... 1772 * try the next one... 1773 */ 1774 return; 1775 } 1776 1777 if (try_with_strengthen_key) { 1778 krb5_keyblock k1; 1779 krb5_keyblock k2; 1780 krb5_keyblock *k = NULL; 1781 1782 k1.magic = KV5M_KEYBLOCK; 1783 k1.enctype = sk->keytype; 1784 k1.length = sk->keylength; 1785 k1.contents = (guint8 *)sk->keyvalue; 1786 1787 k2.magic = KV5M_KEYBLOCK; 1788 k2.enctype = ek->keytype; 1789 k2.length = ek->keylength; 1790 k2.contents = (guint8 *)ek->keyvalue; 1791 1792 ret = krb5_c_fx_cf2_simple(krb5_ctx, 1793 &k1, "strengthenkey", 1794 &k2, "replykey", 1795 &k); 1796 if (ret != 0) { 1797 /* 1798 * try the next one... 1799 */ 1800 return; 1801 } 1802 1803 state->count += 1; 1804 ret = state->decrypt_cb_fn(k, 1805 state->usage, 1806 state->decrypt_cb_data); 1807 if (ret == 0) { 1808 add_encryption_key(state->pinfo, 1809 state->private_data, 1810 state->tree, 1811 NULL, 1812 state->cryptotvb, 1813 k->enctype, k->length, 1814 (const char *)k->contents, 1815 "strengthen-reply-key", 1816 sk, ek); 1817 krb5_free_keyblock(krb5_ctx, k); 1818 /* 1819 * remember the key and stop traversing 1820 */ 1821 state->ek = state->private_data->last_added_key; 1822 return; 1823 } 1824 krb5_free_keyblock(krb5_ctx, k); 1825 /* 1826 * don't stop traversing... 1827 * try the next one... 1828 */ 1829 return; 1830 } 1831 #endif /* HAVE_KRB5_C_FX_CF2_SIMPLE */ 1832 1833 /* shortcircuit and bail out if enctypes are not matching */ 1834 if ((state->keytype != -1) && (ek->keytype != state->keytype)) { 1835 /* 1836 * don't stop traversing... 1837 * try the next one... 1838 */ 1839 return; 1840 } 1841 1842 key.key.enctype=ek->keytype; 1843 key.key.length=ek->keylength; 1844 key.key.contents=ek->keyvalue; 1845 state->count += 1; 1846 ret = state->decrypt_cb_fn(&(key.key), 1847 state->usage, 1848 state->decrypt_cb_data); 1849 if (ret != 0) { 1850 /* 1851 * don't stop traversing... 1852 * try the next one... 1853 */ 1854 return; 1855 } 1856 1857 /* 1858 * we're done, remember the key 1859 */ 1860 state->ek = ek; 1861 } 1862 1863 static krb5_error_code 1864 decrypt_krb5_with_cb(proto_tree *tree, 1865 packet_info *pinfo, 1866 kerberos_private_data_t *private_data, 1867 int usage, 1868 int keytype, 1869 tvbuff_t *cryptotvb, 1870 krb5_error_code (*decrypt_cb_fn)( 1871 const krb5_keyblock *key, 1872 int usage, 1873 void *decrypt_cb_data), 1874 void *decrypt_cb_data) 1875 { 1876 const char *key_map_name = NULL; 1877 wmem_map_t *key_map = NULL; 1878 struct decrypt_krb5_with_cb_state state = { 1879 .tree = tree, 1880 .pinfo = pinfo, 1881 .private_data = private_data, 1882 .usage = usage, 1883 .cryptotvb = cryptotvb, 1884 .keytype = keytype, 1885 .decrypt_cb_fn = decrypt_cb_fn, 1886 .decrypt_cb_data = decrypt_cb_data, 1887 }; 1888 1889 read_keytab_file_from_preferences(); 1890 1891 switch (usage) { 1892 case KRB5_KU_USAGE_INITIATOR_SEAL: 1893 case KRB5_KU_USAGE_ACCEPTOR_SEAL: 1894 key_map_name = "app_session_keys"; 1895 key_map = kerberos_app_session_keys; 1896 break; 1897 default: 1898 key_map_name = "all_keys"; 1899 key_map = kerberos_all_keys; 1900 insert_longterm_keys_into_key_map(key_map); 1901 break; 1902 } 1903 1904 wmem_map_foreach(key_map, decrypt_krb5_with_cb_try_key, &state); 1905 if (state.ek != NULL) { 1906 used_encryption_key(tree, pinfo, private_data, 1907 state.ek, usage, cryptotvb, 1908 key_map_name, 1909 wmem_map_size(key_map), 1910 state.count); 1911 return 0; 1912 } 1913 1914 missing_encryption_key(tree, pinfo, private_data, 1915 keytype, usage, cryptotvb, 1916 key_map_name, 1917 wmem_map_size(key_map), 1918 state.count); 1919 return -1; 1920 } 1921 1922 struct decrypt_krb5_data_state { 1923 krb5_data input; 1924 krb5_data output; 1925 }; 1926 1927 static krb5_error_code 1928 decrypt_krb5_data_cb(const krb5_keyblock *key, 1929 int usage, 1930 void *decrypt_cb_data) 1931 { 1932 struct decrypt_krb5_data_state *state = 1933 (struct decrypt_krb5_data_state *)decrypt_cb_data; 1934 krb5_enc_data input; 1935 1936 memset(&input, 0, sizeof(input)); 1937 input.enctype = key->enctype; 1938 input.ciphertext = state->input; 1939 1940 return krb5_c_decrypt(krb5_ctx, 1941 key, 1942 usage, 1943 0, 1944 &input, 1945 &state->output); 1946 } 1947 1948 static guint8 * 1949 decrypt_krb5_data_private(proto_tree *tree _U_, packet_info *pinfo, 1950 kerberos_private_data_t *private_data, 1951 int usage, tvbuff_t *cryptotvb, int keytype, 1952 int *datalen) 1953 { 1954 #define HAVE_DECRYPT_KRB5_DATA_PRIVATE 1 1955 struct decrypt_krb5_data_state state; 1956 krb5_error_code ret; 1957 int length = tvb_captured_length(cryptotvb); 1958 const guint8 *cryptotext = tvb_get_ptr(cryptotvb, 0, length); 1959 1960 /* don't do anything if we are not attempting to decrypt data */ 1961 if(!krb_decrypt || length < 1){ 1962 return NULL; 1963 } 1964 1965 /* make sure we have all the data we need */ 1966 if (tvb_captured_length(cryptotvb) < tvb_reported_length(cryptotvb)) { 1967 return NULL; 1968 } 1969 1970 memset(&state, 0, sizeof(state)); 1971 state.input.length = length; 1972 state.input.data = (guint8 *)cryptotext; 1973 state.output.data = (char *)wmem_alloc(pinfo->pool, length); 1974 state.output.length = length; 1975 1976 ret = decrypt_krb5_with_cb(tree, 1977 pinfo, 1978 private_data, 1979 usage, 1980 keytype, 1981 cryptotvb, 1982 decrypt_krb5_data_cb, 1983 &state); 1984 if (ret != 0) { 1985 return NULL; 1986 } 1987 1988 if (datalen) { 1989 *datalen = state.output.length; 1990 } 1991 return (guint8 *)state.output.data; 1992 } 1993 1994 guint8 * 1995 decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo, 1996 int usage, 1997 tvbuff_t *cryptotvb, 1998 int keytype, 1999 int *datalen) 2000 { 2001 kerberos_private_data_t *zero_private = kerberos_new_private_data(pinfo); 2002 return decrypt_krb5_data_private(tree, pinfo, zero_private, 2003 usage, cryptotvb, keytype, 2004 datalen); 2005 } 2006 2007 USES_APPLE_RST 2008 2009 #ifdef KRB5_CRYPTO_TYPE_SIGN_ONLY 2010 struct decrypt_krb5_krb_cfx_dce_state { 2011 const guint8 *gssapi_header_ptr; 2012 guint gssapi_header_len; 2013 tvbuff_t *gssapi_encrypted_tvb; 2014 guint8 *gssapi_payload; 2015 guint gssapi_payload_len; 2016 const guint8 *gssapi_trailer_ptr; 2017 guint gssapi_trailer_len; 2018 tvbuff_t *checksum_tvb; 2019 guint8 *checksum; 2020 guint checksum_len; 2021 }; 2022 2023 static krb5_error_code 2024 decrypt_krb5_krb_cfx_dce_cb(const krb5_keyblock *key, 2025 int usage, 2026 void *decrypt_cb_data) 2027 { 2028 struct decrypt_krb5_krb_cfx_dce_state *state = 2029 (struct decrypt_krb5_krb_cfx_dce_state *)decrypt_cb_data; 2030 unsigned int k5_headerlen = 0; 2031 unsigned int k5_headerofs = 0; 2032 unsigned int k5_trailerlen = 0; 2033 unsigned int k5_trailerofs = 0; 2034 size_t _k5_blocksize = 0; 2035 guint k5_blocksize; 2036 krb5_crypto_iov iov[6]; 2037 krb5_error_code ret; 2038 guint checksum_remain = state->checksum_len; 2039 guint checksum_crypt_len; 2040 2041 memset(iov, 0, sizeof(iov)); 2042 2043 ret = krb5_c_crypto_length(krb5_ctx, 2044 key->enctype, 2045 KRB5_CRYPTO_TYPE_HEADER, 2046 &k5_headerlen); 2047 if (ret != 0) { 2048 return ret; 2049 } 2050 if (checksum_remain < k5_headerlen) { 2051 return -1; 2052 } 2053 checksum_remain -= k5_headerlen; 2054 k5_headerofs = checksum_remain; 2055 ret = krb5_c_crypto_length(krb5_ctx, 2056 key->enctype, 2057 KRB5_CRYPTO_TYPE_TRAILER, 2058 &k5_trailerlen); 2059 if (ret != 0) { 2060 return ret; 2061 } 2062 if (checksum_remain < k5_trailerlen) { 2063 return -1; 2064 } 2065 checksum_remain -= k5_trailerlen; 2066 k5_trailerofs = checksum_remain; 2067 checksum_crypt_len = checksum_remain; 2068 2069 ret = krb5_c_block_size(krb5_ctx, 2070 key->enctype, 2071 &_k5_blocksize); 2072 if (ret != 0) { 2073 return ret; 2074 } 2075 /* 2076 * The cast is required for the Windows build in order 2077 * to avoid the following warning. 2078 * 2079 * warning C4267: '-=': conversion from 'size_t' to 'guint', 2080 * possible loss of data 2081 */ 2082 k5_blocksize = (guint)_k5_blocksize; 2083 if (checksum_remain < k5_blocksize) { 2084 return -1; 2085 } 2086 checksum_remain -= k5_blocksize; 2087 if (checksum_remain < 16) { 2088 return -1; 2089 } 2090 2091 tvb_memcpy(state->gssapi_encrypted_tvb, 2092 state->gssapi_payload, 2093 0, 2094 state->gssapi_payload_len); 2095 tvb_memcpy(state->checksum_tvb, 2096 state->checksum, 2097 0, 2098 state->checksum_len); 2099 2100 iov[0].flags = KRB5_CRYPTO_TYPE_HEADER; 2101 iov[0].data.data = state->checksum + k5_headerofs; 2102 iov[0].data.length = k5_headerlen; 2103 2104 if (state->gssapi_header_ptr != NULL) { 2105 iov[1].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY; 2106 iov[1].data.data = (guint8 *)(guintptr)state->gssapi_header_ptr; 2107 iov[1].data.length = state->gssapi_header_len; 2108 } else { 2109 iov[1].flags = KRB5_CRYPTO_TYPE_EMPTY; 2110 } 2111 2112 iov[2].flags = KRB5_CRYPTO_TYPE_DATA; 2113 iov[2].data.data = state->gssapi_payload; 2114 iov[2].data.length = state->gssapi_payload_len; 2115 2116 if (state->gssapi_trailer_ptr != NULL) { 2117 iov[3].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY; 2118 iov[3].data.data = (guint8 *)(guintptr)state->gssapi_trailer_ptr; 2119 iov[3].data.length = state->gssapi_trailer_len; 2120 } else { 2121 iov[3].flags = KRB5_CRYPTO_TYPE_EMPTY; 2122 } 2123 2124 iov[4].flags = KRB5_CRYPTO_TYPE_DATA; 2125 iov[4].data.data = state->checksum; 2126 iov[4].data.length = checksum_crypt_len; 2127 2128 iov[5].flags = KRB5_CRYPTO_TYPE_TRAILER; 2129 iov[5].data.data = state->checksum + k5_trailerofs; 2130 iov[5].data.length = k5_trailerlen; 2131 2132 return krb5_c_decrypt_iov(krb5_ctx, 2133 key, 2134 usage, 2135 0, 2136 iov, 2137 6); 2138 } 2139 2140 tvbuff_t * 2141 decrypt_krb5_krb_cfx_dce(proto_tree *tree, 2142 packet_info *pinfo, 2143 int usage, 2144 int keytype, 2145 tvbuff_t *gssapi_header_tvb, 2146 tvbuff_t *gssapi_encrypted_tvb, 2147 tvbuff_t *gssapi_trailer_tvb, 2148 tvbuff_t *checksum_tvb) 2149 { 2150 struct decrypt_krb5_krb_cfx_dce_state state; 2151 kerberos_private_data_t *zero_private = kerberos_new_private_data(pinfo); 2152 tvbuff_t *gssapi_decrypted_tvb = NULL; 2153 krb5_error_code ret; 2154 2155 /* don't do anything if we are not attempting to decrypt data */ 2156 if (!krb_decrypt) { 2157 return NULL; 2158 } 2159 2160 memset(&state, 0, sizeof(state)); 2161 2162 /* make sure we have all the data we need */ 2163 #define __CHECK_TVB_LEN(__tvb) (tvb_captured_length(__tvb) < tvb_reported_length(__tvb)) 2164 if (gssapi_header_tvb != NULL) { 2165 if (__CHECK_TVB_LEN(gssapi_header_tvb)) { 2166 return NULL; 2167 } 2168 2169 state.gssapi_header_len = tvb_captured_length(gssapi_header_tvb); 2170 state.gssapi_header_ptr = tvb_get_ptr(gssapi_header_tvb, 2171 0, 2172 state.gssapi_header_len); 2173 } 2174 if (gssapi_encrypted_tvb == NULL || __CHECK_TVB_LEN(gssapi_encrypted_tvb)) { 2175 return NULL; 2176 } 2177 state.gssapi_encrypted_tvb = gssapi_encrypted_tvb; 2178 state.gssapi_payload_len = tvb_captured_length(gssapi_encrypted_tvb); 2179 state.gssapi_payload = (guint8 *)wmem_alloc0(pinfo->pool, state.gssapi_payload_len); 2180 if (state.gssapi_payload == NULL) { 2181 return NULL; 2182 } 2183 if (gssapi_trailer_tvb != NULL) { 2184 if (__CHECK_TVB_LEN(gssapi_trailer_tvb)) { 2185 return NULL; 2186 } 2187 2188 state.gssapi_trailer_len = tvb_captured_length(gssapi_trailer_tvb); 2189 state.gssapi_trailer_ptr = tvb_get_ptr(gssapi_trailer_tvb, 2190 0, 2191 state.gssapi_trailer_len); 2192 } 2193 if (checksum_tvb == NULL || __CHECK_TVB_LEN(checksum_tvb)) { 2194 return NULL; 2195 } 2196 state.checksum_tvb = checksum_tvb; 2197 state.checksum_len = tvb_captured_length(checksum_tvb); 2198 state.checksum = (guint8 *)wmem_alloc0(pinfo->pool, state.checksum_len); 2199 if (state.checksum == NULL) { 2200 return NULL; 2201 } 2202 2203 ret = decrypt_krb5_with_cb(tree, 2204 pinfo, 2205 zero_private, 2206 usage, 2207 keytype, 2208 gssapi_encrypted_tvb, 2209 decrypt_krb5_krb_cfx_dce_cb, 2210 &state); 2211 wmem_free(pinfo->pool, state.checksum); 2212 if (ret != 0) { 2213 wmem_free(pinfo->pool, state.gssapi_payload); 2214 return NULL; 2215 } 2216 2217 gssapi_decrypted_tvb = tvb_new_child_real_data(gssapi_encrypted_tvb, 2218 state.gssapi_payload, 2219 state.gssapi_payload_len, 2220 state.gssapi_payload_len); 2221 if (gssapi_decrypted_tvb == NULL) { 2222 wmem_free(pinfo->pool, state.gssapi_payload); 2223 return NULL; 2224 } 2225 2226 return gssapi_decrypted_tvb; 2227 } 2228 #else /* NOT KRB5_CRYPTO_TYPE_SIGN_ONLY */ 2229 #define NEED_DECRYPT_KRB5_KRB_CFX_DCE_NOOP 1 2230 #endif /* NOT KRB5_CRYPTO_TYPE_SIGN_ONLY */ 2231 2232 #ifdef HAVE_KRB5_PAC_VERIFY 2233 /* 2234 * macOS up to 10.14.5 only has a MIT shim layer on top 2235 * of heimdal. It means that krb5_pac_verify() is not available 2236 * in /usr/lib/libkrb5.dylib 2237 * 2238 * https://opensource.apple.com/tarballs/Heimdal/Heimdal-520.260.1.tar.gz 2239 * https://opensource.apple.com/tarballs/MITKerberosShim/MITKerberosShim-71.200.1.tar.gz 2240 */ 2241 2242 extern krb5_error_code 2243 krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *); 2244 2245 extern void krb5_free_enc_tkt_part(krb5_context, krb5_enc_tkt_part *); 2246 extern krb5_error_code 2247 decode_krb5_enc_tkt_part(const krb5_data *output, krb5_enc_tkt_part **rep); 2248 extern krb5_error_code 2249 encode_krb5_enc_tkt_part(const krb5_enc_tkt_part *rep, krb5_data **code); 2250 2251 static int 2252 keytype_for_cksumtype(krb5_cksumtype checksum) 2253 { 2254 #define _ARRAY_SIZE(X) (sizeof(X) / sizeof((X)[0])) 2255 static const int keytypes[] = { 2256 18, 2257 17, 2258 23, 2259 }; 2260 guint i; 2261 2262 for (i = 0; i < _ARRAY_SIZE(keytypes); i++) { 2263 krb5_cksumtype checksumtype = 0; 2264 krb5_error_code ret; 2265 2266 ret = krb5int_c_mandatory_cksumtype(krb5_ctx, 2267 keytypes[i], 2268 &checksumtype); 2269 if (ret != 0) { 2270 continue; 2271 } 2272 if (checksum == checksumtype) { 2273 return keytypes[i]; 2274 } 2275 } 2276 2277 return -1; 2278 } 2279 2280 struct verify_krb5_pac_state { 2281 krb5_pac pac; 2282 krb5_cksumtype server_checksum; 2283 guint server_count; 2284 enc_key_t *server_ek; 2285 krb5_cksumtype kdc_checksum; 2286 guint kdc_count; 2287 enc_key_t *kdc_ek; 2288 krb5_cksumtype ticket_checksum_type; 2289 const krb5_data *ticket_checksum_data; 2290 }; 2291 2292 static void 2293 verify_krb5_pac_try_server_key(gpointer __key _U_, gpointer value, gpointer userdata) 2294 { 2295 struct verify_krb5_pac_state *state = 2296 (struct verify_krb5_pac_state *)userdata; 2297 enc_key_t *ek = (enc_key_t *)value; 2298 krb5_keyblock keyblock; 2299 krb5_cksumtype checksumtype = 0; 2300 krb5_error_code ret; 2301 2302 if (state->server_checksum == 0) { 2303 /* 2304 * nothing more todo, stop traversing. 2305 */ 2306 return; 2307 } 2308 2309 if (state->server_ek != NULL) { 2310 /* 2311 * we're done. 2312 */ 2313 return; 2314 } 2315 2316 ret = krb5int_c_mandatory_cksumtype(krb5_ctx, ek->keytype, 2317 &checksumtype); 2318 if (ret != 0) { 2319 /* 2320 * the key is not usable, keep traversing. 2321 * try the next key... 2322 */ 2323 return; 2324 } 2325 2326 keyblock.magic = KV5M_KEYBLOCK; 2327 keyblock.enctype = ek->keytype; 2328 keyblock.length = ek->keylength; 2329 keyblock.contents = (guint8 *)ek->keyvalue; 2330 2331 if (checksumtype == state->server_checksum) { 2332 state->server_count += 1; 2333 ret = krb5_pac_verify(krb5_ctx, state->pac, 0, NULL, 2334 &keyblock, NULL); 2335 if (ret == 0) { 2336 state->server_ek = ek; 2337 } 2338 } 2339 } 2340 2341 static void 2342 verify_krb5_pac_try_kdc_key(gpointer __key _U_, gpointer value, gpointer userdata) 2343 { 2344 struct verify_krb5_pac_state *state = 2345 (struct verify_krb5_pac_state *)userdata; 2346 enc_key_t *ek = (enc_key_t *)value; 2347 krb5_keyblock keyblock; 2348 krb5_cksumtype checksumtype = 0; 2349 krb5_error_code ret; 2350 2351 if (state->kdc_checksum == 0) { 2352 /* 2353 * nothing more todo, stop traversing. 2354 */ 2355 return; 2356 } 2357 2358 if (state->kdc_ek != NULL) { 2359 /* 2360 * we're done. 2361 */ 2362 return; 2363 } 2364 2365 ret = krb5int_c_mandatory_cksumtype(krb5_ctx, ek->keytype, 2366 &checksumtype); 2367 if (ret != 0) { 2368 /* 2369 * the key is not usable, keep traversing. 2370 * try the next key... 2371 */ 2372 return; 2373 } 2374 2375 keyblock.magic = KV5M_KEYBLOCK; 2376 keyblock.enctype = ek->keytype; 2377 keyblock.length = ek->keylength; 2378 keyblock.contents = (guint8 *)ek->keyvalue; 2379 2380 if (checksumtype == state->kdc_checksum) { 2381 state->kdc_count += 1; 2382 ret = krb5_pac_verify(krb5_ctx, state->pac, 0, NULL, 2383 NULL, &keyblock); 2384 if (ret == 0) { 2385 state->kdc_ek = ek; 2386 } 2387 } 2388 } 2389 2390 #define __KRB5_PAC_TICKET_CHECKSUM 16 2391 2392 static void 2393 verify_krb5_pac_ticket_checksum(proto_tree *tree _U_, 2394 asn1_ctx_t *actx _U_, 2395 tvbuff_t *pactvb _U_, 2396 struct verify_krb5_pac_state *state _U_) 2397 { 2398 #ifdef HAVE_DECODE_KRB5_ENC_TKT_PART 2399 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 2400 tvbuff_t *teptvb = private_data->last_ticket_enc_part_tvb; 2401 guint teplength = 0; 2402 const guint8 *tepbuffer = NULL; 2403 krb5_data tepdata = { .length = 0, }; 2404 krb5_enc_tkt_part *tep = NULL; 2405 krb5_data *tmpdata = NULL; 2406 krb5_error_code ret; 2407 krb5_authdata **recoded_container = NULL; 2408 gint ad_orig_idx = -1; 2409 krb5_authdata *ad_orig_ptr = NULL; 2410 gint l0idx = 0; 2411 krb5_keyblock kdc_key = { .magic = KV5M_KEYBLOCK, }; 2412 size_t checksum_length = 0; 2413 krb5_checksum checksum = { .checksum_type = 0, }; 2414 krb5_boolean valid = FALSE; 2415 2416 if (state->kdc_ek == NULL) { 2417 int keytype = keytype_for_cksumtype(state->ticket_checksum_type); 2418 missing_signing_key(tree, actx->pinfo, private_data, 2419 pactvb, state->ticket_checksum_type, 2420 keytype, 2421 "Missing KDC (for ticket)", 2422 "kdc_checksum_key", 2423 0, 2424 0); 2425 return; 2426 } 2427 2428 if (teptvb == NULL) { 2429 return; 2430 } 2431 2432 teplength = tvb_captured_length(teptvb); 2433 /* make sure we have all the data we need */ 2434 if (teplength < tvb_reported_length(teptvb)) { 2435 return; 2436 } 2437 2438 tepbuffer = tvb_get_ptr(teptvb, 0, teplength); 2439 if (tepbuffer == NULL) { 2440 return; 2441 } 2442 2443 kdc_key.magic = KV5M_KEYBLOCK; 2444 kdc_key.enctype = state->kdc_ek->keytype; 2445 kdc_key.length = state->kdc_ek->keylength; 2446 kdc_key.contents = (guint8 *)state->kdc_ek->keyvalue; 2447 2448 checksum.checksum_type = state->ticket_checksum_type; 2449 checksum.length = state->ticket_checksum_data->length; 2450 checksum.contents = (guint8 *)state->ticket_checksum_data->data; 2451 if (checksum.length >= 4) { 2452 checksum.length -= 4; 2453 checksum.contents += 4; 2454 } 2455 2456 ret = krb5_c_checksum_length(krb5_ctx, 2457 checksum.checksum_type, 2458 &checksum_length); 2459 if (ret != 0) { 2460 missing_signing_key(tree, actx->pinfo, private_data, 2461 pactvb, state->ticket_checksum_type, 2462 state->kdc_ek->keytype, 2463 "krb5_c_checksum_length failed for Ticket Signature", 2464 "kdc_checksum_key", 2465 1, 2466 0); 2467 return; 2468 } 2469 checksum.length = MIN(checksum.length, (unsigned int)checksum_length); 2470 2471 tepdata.data = (void *)(uintptr_t)tepbuffer; 2472 tepdata.length = teplength; 2473 2474 ret = decode_krb5_enc_tkt_part(&tepdata, &tep); 2475 if (ret != 0) { 2476 missing_signing_key(tree, actx->pinfo, private_data, 2477 pactvb, state->ticket_checksum_type, 2478 state->kdc_ek->keytype, 2479 "decode_krb5_enc_tkt_part failed", 2480 "kdc_checksum_key", 2481 1, 2482 0); 2483 return; 2484 } 2485 2486 for (l0idx = 0; tep->authorization_data[l0idx]; l0idx++) { 2487 krb5_authdata *adl0 = tep->authorization_data[l0idx]; 2488 krb5_authdata **decoded_container = NULL; 2489 krb5_authdata *ad_pac = NULL; 2490 gint l1idx = 0; 2491 2492 if (adl0->ad_type != KRB5_AUTHDATA_IF_RELEVANT) { 2493 continue; 2494 } 2495 2496 ret = krb5_decode_authdata_container(krb5_ctx, 2497 KRB5_AUTHDATA_IF_RELEVANT, 2498 adl0, 2499 &decoded_container); 2500 if (ret != 0) { 2501 missing_signing_key(tree, actx->pinfo, private_data, 2502 pactvb, state->ticket_checksum_type, 2503 state->kdc_ek->keytype, 2504 "krb5_decode_authdata_container failed", 2505 "kdc_checksum_key", 2506 1, 2507 0); 2508 krb5_free_enc_tkt_part(krb5_ctx, tep); 2509 return; 2510 } 2511 2512 for (l1idx = 0; decoded_container[l1idx]; l1idx++) { 2513 krb5_authdata *adl1 = decoded_container[l1idx]; 2514 2515 if (adl1->ad_type != KRB5_AUTHDATA_WIN2K_PAC) { 2516 continue; 2517 } 2518 2519 ad_pac = adl1; 2520 break; 2521 } 2522 2523 if (ad_pac == NULL) { 2524 krb5_free_authdata(krb5_ctx, decoded_container); 2525 continue; 2526 } 2527 2528 ad_pac->length = 1; 2529 ad_pac->contents[0] = '\0'; 2530 2531 ret = krb5_encode_authdata_container(krb5_ctx, 2532 KRB5_AUTHDATA_IF_RELEVANT, 2533 decoded_container, 2534 &recoded_container); 2535 krb5_free_authdata(krb5_ctx, decoded_container); 2536 decoded_container = NULL; 2537 if (ret != 0) { 2538 missing_signing_key(tree, actx->pinfo, private_data, 2539 pactvb, state->ticket_checksum_type, 2540 state->kdc_ek->keytype, 2541 "krb5_encode_authdata_container failed", 2542 "kdc_checksum_key", 2543 1, 2544 0); 2545 krb5_free_enc_tkt_part(krb5_ctx, tep); 2546 return; 2547 } 2548 2549 ad_orig_idx = l0idx; 2550 ad_orig_ptr = adl0; 2551 tep->authorization_data[l0idx] = recoded_container[0]; 2552 break; 2553 } 2554 2555 ret = encode_krb5_enc_tkt_part(tep, &tmpdata); 2556 if (ad_orig_ptr != NULL) { 2557 tep->authorization_data[ad_orig_idx] = ad_orig_ptr; 2558 } 2559 krb5_free_enc_tkt_part(krb5_ctx, tep); 2560 tep = NULL; 2561 if (recoded_container != NULL) { 2562 krb5_free_authdata(krb5_ctx, recoded_container); 2563 recoded_container = NULL; 2564 } 2565 if (ret != 0) { 2566 missing_signing_key(tree, actx->pinfo, private_data, 2567 pactvb, state->ticket_checksum_type, 2568 state->kdc_ek->keytype, 2569 "encode_krb5_enc_tkt_part failed", 2570 "kdc_checksum_key", 2571 1, 2572 0); 2573 return; 2574 } 2575 2576 ret = krb5_c_verify_checksum(krb5_ctx, &kdc_key, 2577 KRB5_KEYUSAGE_APP_DATA_CKSUM, 2578 tmpdata, &checksum, &valid); 2579 krb5_free_data(krb5_ctx, tmpdata); 2580 tmpdata = NULL; 2581 if (ret != 0) { 2582 missing_signing_key(tree, actx->pinfo, private_data, 2583 pactvb, state->ticket_checksum_type, 2584 state->kdc_ek->keytype, 2585 "krb5_c_verify_checksum failed for Ticket Signature", 2586 "kdc_checksum_key", 2587 1, 2588 1); 2589 return; 2590 } 2591 2592 if (valid == FALSE) { 2593 missing_signing_key(tree, actx->pinfo, private_data, 2594 pactvb, state->ticket_checksum_type, 2595 state->kdc_ek->keytype, 2596 "Invalid Ticket", 2597 "kdc_checksum_key", 2598 1, 2599 1); 2600 return; 2601 } 2602 2603 used_signing_key(tree, actx->pinfo, private_data, 2604 state->kdc_ek, pactvb, 2605 state->ticket_checksum_type, 2606 "Verified Ticket", 2607 "kdc_checksum_key", 2608 1, 2609 1); 2610 #endif /* HAVE_DECODE_KRB5_ENC_TKT_PART */ 2611 } 2612 2613 static void 2614 verify_krb5_pac(proto_tree *tree _U_, asn1_ctx_t *actx, tvbuff_t *pactvb) 2615 { 2616 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 2617 krb5_error_code ret; 2618 krb5_data checksum_data = {0,0,NULL}; 2619 krb5_data ticket_checksum_data = {0,0,NULL}; 2620 int length = tvb_captured_length(pactvb); 2621 const guint8 *pacbuffer = NULL; 2622 struct verify_krb5_pac_state state = { 2623 .kdc_checksum = 0, 2624 }; 2625 2626 /* don't do anything if we are not attempting to decrypt data */ 2627 if(!krb_decrypt || length < 1){ 2628 return; 2629 } 2630 2631 /* make sure we have all the data we need */ 2632 if (tvb_captured_length(pactvb) < tvb_reported_length(pactvb)) { 2633 return; 2634 } 2635 2636 pacbuffer = tvb_get_ptr(pactvb, 0, length); 2637 2638 ret = krb5_pac_parse(krb5_ctx, pacbuffer, length, &state.pac); 2639 if (ret != 0) { 2640 proto_tree_add_expert_format(tree, actx->pinfo, &ei_kerberos_decrypted_keytype, 2641 pactvb, 0, 0, 2642 "Failed to parse PAC buffer %d in frame %u", 2643 ret, actx->pinfo->fd->num); 2644 return; 2645 } 2646 2647 ret = krb5_pac_get_buffer(krb5_ctx, state.pac, KRB5_PAC_SERVER_CHECKSUM, 2648 &checksum_data); 2649 if (ret == 0) { 2650 state.server_checksum = pletoh32(checksum_data.data); 2651 krb5_free_data_contents(krb5_ctx, &checksum_data); 2652 }; 2653 ret = krb5_pac_get_buffer(krb5_ctx, state.pac, KRB5_PAC_PRIVSVR_CHECKSUM, 2654 &checksum_data); 2655 if (ret == 0) { 2656 state.kdc_checksum = pletoh32(checksum_data.data); 2657 krb5_free_data_contents(krb5_ctx, &checksum_data); 2658 }; 2659 ret = krb5_pac_get_buffer(krb5_ctx, state.pac, 2660 __KRB5_PAC_TICKET_CHECKSUM, 2661 &ticket_checksum_data); 2662 if (ret == 0) { 2663 state.ticket_checksum_data = &ticket_checksum_data; 2664 state.ticket_checksum_type = pletoh32(ticket_checksum_data.data); 2665 }; 2666 2667 read_keytab_file_from_preferences(); 2668 2669 wmem_map_foreach(kerberos_all_keys, 2670 verify_krb5_pac_try_server_key, 2671 &state); 2672 if (state.server_ek != NULL) { 2673 used_signing_key(tree, actx->pinfo, private_data, 2674 state.server_ek, pactvb, 2675 state.server_checksum, "Verified Server", 2676 "all_keys", 2677 wmem_map_size(kerberos_all_keys), 2678 state.server_count); 2679 } else { 2680 int keytype = keytype_for_cksumtype(state.server_checksum); 2681 missing_signing_key(tree, actx->pinfo, private_data, 2682 pactvb, state.server_checksum, keytype, 2683 "Missing Server", 2684 "all_keys", 2685 wmem_map_size(kerberos_all_keys), 2686 state.server_count); 2687 } 2688 wmem_map_foreach(kerberos_longterm_keys, 2689 verify_krb5_pac_try_kdc_key, 2690 &state); 2691 if (state.kdc_ek != NULL) { 2692 used_signing_key(tree, actx->pinfo, private_data, 2693 state.kdc_ek, pactvb, 2694 state.kdc_checksum, "Verified KDC", 2695 "longterm_keys", 2696 wmem_map_size(kerberos_longterm_keys), 2697 state.kdc_count); 2698 } else { 2699 int keytype = keytype_for_cksumtype(state.kdc_checksum); 2700 missing_signing_key(tree, actx->pinfo, private_data, 2701 pactvb, state.kdc_checksum, keytype, 2702 "Missing KDC", 2703 "longterm_keys", 2704 wmem_map_size(kerberos_longterm_keys), 2705 state.kdc_count); 2706 } 2707 2708 if (state.ticket_checksum_type != 0) { 2709 verify_krb5_pac_ticket_checksum(tree, actx, pactvb, &state); 2710 } 2711 2712 if (state.ticket_checksum_data != NULL) { 2713 krb5_free_data_contents(krb5_ctx, &ticket_checksum_data); 2714 } 2715 2716 krb5_pac_free(krb5_ctx, state.pac); 2717 } 2718 #endif /* HAVE_KRB5_PAC_VERIFY */ 2719 2720 #elif defined(HAVE_HEIMDAL_KERBEROS) 2721 static krb5_context krb5_ctx; 2722 2723 USES_APPLE_DEPRECATED_API 2724 2725 static void 2726 krb5_fast_key(asn1_ctx_t *actx _U_, proto_tree *tree _U_, tvbuff_t *tvb _U_, 2727 enc_key_t *ek1 _U_, const char *p1 _U_, 2728 enc_key_t *ek2 _U_, const char *p2 _U_, 2729 const char *origin _U_) 2730 { 2731 /* TODO: use krb5_crypto_fx_cf2() from Heimdal */ 2732 } 2733 void 2734 read_keytab_file(const char *filename) 2735 { 2736 krb5_keytab keytab; 2737 krb5_error_code ret; 2738 krb5_keytab_entry key; 2739 krb5_kt_cursor cursor; 2740 enc_key_t *new_key; 2741 static gboolean first_time=TRUE; 2742 2743 if (filename == NULL || filename[0] == 0) { 2744 return; 2745 } 2746 2747 if(first_time){ 2748 first_time=FALSE; 2749 ret = krb5_init_context(&krb5_ctx); 2750 if(ret){ 2751 return; 2752 } 2753 } 2754 2755 /* should use a file in the wireshark users dir */ 2756 ret = krb5_kt_resolve(krb5_ctx, filename, &keytab); 2757 if(ret){ 2758 fprintf(stderr, "KERBEROS ERROR: Could not open keytab file :%s\n",filename); 2759 2760 return; 2761 } 2762 2763 ret = krb5_kt_start_seq_get(krb5_ctx, keytab, &cursor); 2764 if(ret){ 2765 fprintf(stderr, "KERBEROS ERROR: Could not read from keytab file :%s\n",filename); 2766 return; 2767 } 2768 2769 do{ 2770 ret = krb5_kt_next_entry(krb5_ctx, keytab, &key, &cursor); 2771 if(ret==0){ 2772 unsigned int i; 2773 char *pos; 2774 2775 new_key = wmem_new0(wmem_epan_scope(), enc_key_t); 2776 new_key->fd_num = -1; 2777 new_key->id = ++kerberos_longterm_ids; 2778 g_snprintf(new_key->id_str, KRB_MAX_ID_STR_LEN, "keytab.%u", new_key->id); 2779 new_key->next = enc_key_list; 2780 2781 /* generate origin string, describing where this key came from */ 2782 pos=new_key->key_origin; 2783 pos+=MIN(KRB_MAX_ORIG_LEN, 2784 g_snprintf(pos, KRB_MAX_ORIG_LEN, "keytab principal ")); 2785 for(i=0;i<key.principal->name.name_string.len;i++){ 2786 pos+=MIN(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), 2787 g_snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "%s%s",(i?"/":""),key.principal->name.name_string.val[i])); 2788 } 2789 pos+=MIN(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), 2790 g_snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "@%s",key.principal->realm)); 2791 *pos=0; 2792 new_key->keytype=key.keyblock.keytype; 2793 new_key->keylength=(int)key.keyblock.keyvalue.length; 2794 memcpy(new_key->keyvalue, 2795 key.keyblock.keyvalue.data, 2796 MIN((guint)key.keyblock.keyvalue.length, KRB_MAX_KEY_LENGTH)); 2797 2798 enc_key_list=new_key; 2799 ret = krb5_kt_free_entry(krb5_ctx, &key); 2800 if (ret) { 2801 fprintf(stderr, "KERBEROS ERROR: Could not release the entry: %d", ret); 2802 ret = 0; /* try to continue with the next entry */ 2803 } 2804 kerberos_key_map_insert(kerberos_longterm_keys, new_key); 2805 } 2806 }while(ret==0); 2807 2808 ret = krb5_kt_end_seq_get(krb5_ctx, keytab, &cursor); 2809 if(ret){ 2810 fprintf(stderr, "KERBEROS ERROR: Could not release the keytab cursor: %d", ret); 2811 } 2812 ret = krb5_kt_close(krb5_ctx, keytab); 2813 if(ret){ 2814 fprintf(stderr, "KERBEROS ERROR: Could not close the key table handle: %d", ret); 2815 } 2816 2817 } 2818 USES_APPLE_RST 2819 2820 2821 guint8 * 2822 decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo, 2823 int usage, 2824 tvbuff_t *cryptotvb, 2825 int keytype, 2826 int *datalen) 2827 { 2828 kerberos_private_data_t *zero_private = kerberos_new_private_data(pinfo); 2829 krb5_error_code ret; 2830 krb5_data data; 2831 enc_key_t *ek; 2832 int length = tvb_captured_length(cryptotvb); 2833 const guint8 *cryptotext = tvb_get_ptr(cryptotvb, 0, length); 2834 2835 /* don't do anything if we are not attempting to decrypt data */ 2836 if(!krb_decrypt){ 2837 return NULL; 2838 } 2839 2840 /* make sure we have all the data we need */ 2841 if (tvb_captured_length(cryptotvb) < tvb_reported_length(cryptotvb)) { 2842 return NULL; 2843 } 2844 2845 read_keytab_file_from_preferences(); 2846 2847 for(ek=enc_key_list;ek;ek=ek->next){ 2848 krb5_keytab_entry key; 2849 krb5_crypto crypto; 2850 guint8 *cryptocopy; /* workaround for pre-0.6.1 heimdal bug */ 2851 2852 /* shortcircuit and bail out if enctypes are not matching */ 2853 if((keytype != -1) && (ek->keytype != keytype)) { 2854 continue; 2855 } 2856 2857 key.keyblock.keytype=ek->keytype; 2858 key.keyblock.keyvalue.length=ek->keylength; 2859 key.keyblock.keyvalue.data=ek->keyvalue; 2860 ret = krb5_crypto_init(krb5_ctx, &(key.keyblock), (krb5_enctype)ENCTYPE_NULL, &crypto); 2861 if(ret){ 2862 return NULL; 2863 } 2864 2865 /* pre-0.6.1 versions of Heimdal would sometimes change 2866 the cryptotext data even when the decryption failed. 2867 This would obviously not work since we iterate over the 2868 keys. So just give it a copy of the crypto data instead. 2869 This has been seen for RC4-HMAC blobs. 2870 */ 2871 cryptocopy = (guint8 *)wmem_memdup(pinfo->pool, cryptotext, length); 2872 ret = krb5_decrypt_ivec(krb5_ctx, crypto, usage, 2873 cryptocopy, length, 2874 &data, 2875 NULL); 2876 if((ret == 0) && (length>0)){ 2877 char *user_data; 2878 2879 used_encryption_key(tree, pinfo, zero_private, 2880 ek, usage, cryptotvb, 2881 "enc_key_list", 0, 0); 2882 2883 krb5_crypto_destroy(krb5_ctx, crypto); 2884 /* return a private wmem_alloced blob to the caller */ 2885 user_data = (char *)wmem_memdup(pinfo->pool, data.data, (guint)data.length); 2886 if (datalen) { 2887 *datalen = (int)data.length; 2888 } 2889 return user_data; 2890 } 2891 krb5_crypto_destroy(krb5_ctx, crypto); 2892 } 2893 return NULL; 2894 } 2895 2896 #define NEED_DECRYPT_KRB5_KRB_CFX_DCE_NOOP 1 2897 2898 #elif defined (HAVE_LIBNETTLE) 2899 2900 #define SERVICE_KEY_SIZE (DES3_KEY_SIZE + 2) 2901 #define KEYTYPE_DES3_CBC_MD5 5 /* Currently the only one supported */ 2902 2903 typedef struct _service_key_t { 2904 guint16 kvno; 2905 int keytype; 2906 int length; 2907 guint8 *contents; 2908 char origin[KRB_MAX_ORIG_LEN+1]; 2909 } service_key_t; 2910 GSList *service_key_list = NULL; 2911 2912 2913 static void 2914 add_encryption_key(packet_info *pinfo, int keytype, int keylength, const char *keyvalue, const char *origin) 2915 { 2916 service_key_t *new_key; 2917 2918 if(pinfo->fd->visited){ 2919 return; 2920 } 2921 2922 new_key = g_malloc(sizeof(service_key_t)); 2923 new_key->kvno = 0; 2924 new_key->keytype = keytype; 2925 new_key->length = keylength; 2926 new_key->contents = g_memdup2(keyvalue, keylength); 2927 g_snprintf(new_key->origin, KRB_MAX_ORIG_LEN, "%s learnt from frame %u", origin, pinfo->num); 2928 service_key_list = g_slist_append(service_key_list, (gpointer) new_key); 2929 } 2930 2931 static void 2932 save_encryption_key(tvbuff_t *tvb _U_, int offset _U_, int length _U_, 2933 asn1_ctx_t *actx _U_, proto_tree *tree _U_, 2934 int parent_hf_index _U_, 2935 int hf_index _U_) 2936 { 2937 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 2938 const char *parent = proto_registrar_get_name(parent_hf_index); 2939 const char *element = proto_registrar_get_name(hf_index); 2940 char origin[KRB_MAX_ORIG_LEN] = { 0, }; 2941 2942 g_snprintf(origin, KRB_MAX_ORIG_LEN, "%s_%s", parent, element); 2943 2944 add_encryption_key(actx->pinfo, 2945 private_data->key.keytype, 2946 private_data->key.keylength, 2947 private_data->key.keyvalue, 2948 origin); 2949 } 2950 2951 static void 2952 save_Authenticator_subkey(tvbuff_t *tvb, int offset, int length, 2953 asn1_ctx_t *actx, proto_tree *tree, 2954 int parent_hf_index, 2955 int hf_index) 2956 { 2957 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index); 2958 } 2959 2960 static void 2961 save_EncAPRepPart_subkey(tvbuff_t *tvb, int offset, int length, 2962 asn1_ctx_t *actx, proto_tree *tree, 2963 int parent_hf_index, 2964 int hf_index) 2965 { 2966 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index); 2967 } 2968 2969 static void 2970 save_EncKDCRepPart_key(tvbuff_t *tvb, int offset, int length, 2971 asn1_ctx_t *actx, proto_tree *tree, 2972 int parent_hf_index, 2973 int hf_index) 2974 { 2975 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index); 2976 } 2977 2978 static void 2979 save_EncTicketPart_key(tvbuff_t *tvb, int offset, int length, 2980 asn1_ctx_t *actx, proto_tree *tree, 2981 int parent_hf_index, 2982 int hf_index) 2983 { 2984 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index); 2985 } 2986 2987 static void 2988 save_KrbCredInfo_key(tvbuff_t *tvb, int offset, int length, 2989 asn1_ctx_t *actx, proto_tree *tree, 2990 int parent_hf_index, 2991 int hf_index) 2992 { 2993 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index); 2994 } 2995 2996 static void 2997 save_KrbFastResponse_strengthen_key(tvbuff_t *tvb _U_, int offset _U_, int length _U_, 2998 asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) 2999 { 3000 save_encryption_key(tvb, offset, length, actx, tree, hf_index); 3001 } 3002 3003 static void 3004 clear_keytab(void) { 3005 GSList *ske; 3006 service_key_t *sk; 3007 3008 for(ske = service_key_list; ske != NULL; ske = g_slist_next(ske)){ 3009 sk = (service_key_t *) ske->data; 3010 if (sk) { 3011 g_free(sk->contents); 3012 g_free(sk); 3013 } 3014 } 3015 g_slist_free(service_key_list); 3016 service_key_list = NULL; 3017 } 3018 3019 static void 3020 read_keytab_file(const char *service_key_file) 3021 { 3022 FILE *skf; 3023 ws_statb64 st; 3024 service_key_t *sk; 3025 unsigned char buf[SERVICE_KEY_SIZE]; 3026 int newline_skip = 0, count = 0; 3027 3028 if (service_key_file != NULL && ws_stat64 (service_key_file, &st) == 0) { 3029 3030 /* The service key file contains raw 192-bit (24 byte) 3DES keys. 3031 * There can be zero, one (\n), or two (\r\n) characters between 3032 * keys. Trailing characters are ignored. 3033 */ 3034 3035 /* XXX We should support the standard keytab format instead */ 3036 if (st.st_size > SERVICE_KEY_SIZE) { 3037 if ( (st.st_size % (SERVICE_KEY_SIZE + 1) == 0) || 3038 (st.st_size % (SERVICE_KEY_SIZE + 1) == SERVICE_KEY_SIZE) ) { 3039 newline_skip = 1; 3040 } else if ( (st.st_size % (SERVICE_KEY_SIZE + 2) == 0) || 3041 (st.st_size % (SERVICE_KEY_SIZE + 2) == SERVICE_KEY_SIZE) ) { 3042 newline_skip = 2; 3043 } 3044 } 3045 3046 skf = ws_fopen(service_key_file, "rb"); 3047 if (! skf) return; 3048 3049 while (fread(buf, SERVICE_KEY_SIZE, 1, skf) == 1) { 3050 sk = g_malloc(sizeof(service_key_t)); 3051 sk->kvno = buf[0] << 8 | buf[1]; 3052 sk->keytype = KEYTYPE_DES3_CBC_MD5; 3053 sk->length = DES3_KEY_SIZE; 3054 sk->contents = g_memdup2(buf + 2, DES3_KEY_SIZE); 3055 g_snprintf(sk->origin, KRB_MAX_ORIG_LEN, "3DES service key file, key #%d, offset %ld", count, ftell(skf)); 3056 service_key_list = g_slist_append(service_key_list, (gpointer) sk); 3057 if (fseek(skf, newline_skip, SEEK_CUR) < 0) { 3058 fprintf(stderr, "unable to seek...\n"); 3059 fclose(skf); 3060 return; 3061 } 3062 count++; 3063 } 3064 fclose(skf); 3065 } 3066 } 3067 3068 #define CONFOUNDER_PLUS_CHECKSUM 24 3069 3070 guint8 * 3071 decrypt_krb5_data(proto_tree *tree, packet_info *pinfo, 3072 int _U_ usage, 3073 tvbuff_t *cryptotvb, 3074 int keytype, 3075 int *datalen) 3076 { 3077 tvbuff_t *encr_tvb; 3078 guint8 *decrypted_data = NULL, *plaintext = NULL; 3079 guint8 cls; 3080 gboolean pc; 3081 guint32 tag, item_len, data_len; 3082 int id_offset, offset; 3083 guint8 key[DES3_KEY_SIZE]; 3084 guint8 initial_vector[DES_BLOCK_SIZE]; 3085 gcry_md_hd_t md5_handle; 3086 guint8 *digest; 3087 guint8 zero_fill[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; 3088 guint8 confounder[8]; 3089 gboolean ind; 3090 GSList *ske; 3091 service_key_t *sk; 3092 struct des3_ctx ctx; 3093 int length = tvb_captured_length(cryptotvb); 3094 const guint8 *cryptotext = tvb_get_ptr(cryptotvb, 0, length); 3095 3096 3097 /* don't do anything if we are not attempting to decrypt data */ 3098 if(!krb_decrypt){ 3099 return NULL; 3100 } 3101 3102 /* make sure we have all the data we need */ 3103 if (tvb_captured_length(cryptotvb) < tvb_reported_length(cryptotvb)) { 3104 return NULL; 3105 } 3106 3107 if (keytype != KEYTYPE_DES3_CBC_MD5 || service_key_list == NULL) { 3108 return NULL; 3109 } 3110 3111 decrypted_data = wmem_alloc(pinfo->pool, length); 3112 for(ske = service_key_list; ske != NULL; ske = g_slist_next(ske)){ 3113 gboolean do_continue = FALSE; 3114 gboolean digest_ok; 3115 sk = (service_key_t *) ske->data; 3116 3117 des_fix_parity(DES3_KEY_SIZE, key, sk->contents); 3118 3119 memset(initial_vector, 0, DES_BLOCK_SIZE); 3120 des3_set_key(&ctx, key); 3121 cbc_decrypt(&ctx, des3_decrypt, DES_BLOCK_SIZE, initial_vector, 3122 length, decrypted_data, cryptotext); 3123 encr_tvb = tvb_new_real_data(decrypted_data, length, length); 3124 3125 tvb_memcpy(encr_tvb, confounder, 0, 8); 3126 3127 /* We have to pull the decrypted data length from the decrypted 3128 * content. If the key doesn't match or we otherwise get garbage, 3129 * an exception may get thrown while decoding the ASN.1 header. 3130 * Catch it, just in case. 3131 */ 3132 TRY { 3133 id_offset = get_ber_identifier(encr_tvb, CONFOUNDER_PLUS_CHECKSUM, &cls, &pc, &tag); 3134 offset = get_ber_length(encr_tvb, id_offset, &item_len, &ind); 3135 } 3136 CATCH_BOUNDS_ERRORS { 3137 tvb_free(encr_tvb); 3138 do_continue = TRUE; 3139 } 3140 ENDTRY; 3141 3142 if (do_continue) continue; 3143 3144 data_len = item_len + offset - CONFOUNDER_PLUS_CHECKSUM; 3145 if ((int) item_len + offset > length) { 3146 tvb_free(encr_tvb); 3147 continue; 3148 } 3149 3150 if (gcry_md_open(&md5_handle, GCRY_MD_MD5, 0)) { 3151 return NULL; 3152 } 3153 gcry_md_write(md5_handle, confounder, 8); 3154 gcry_md_write(md5_handle, zero_fill, 16); 3155 gcry_md_write(md5_handle, decrypted_data + CONFOUNDER_PLUS_CHECKSUM, data_len); 3156 digest = gcry_md_read(md5_handle, 0); 3157 3158 digest_ok = (tvb_memeql (encr_tvb, 8, digest, HASH_MD5_LENGTH) == 0); 3159 gcry_md_close(md5_handle); 3160 if (digest_ok) { 3161 plaintext = (guint8* )tvb_memdup(pinfo->pool, encr_tvb, CONFOUNDER_PLUS_CHECKSUM, data_len); 3162 tvb_free(encr_tvb); 3163 3164 if (datalen) { 3165 *datalen = data_len; 3166 } 3167 return(plaintext); 3168 } 3169 tvb_free(encr_tvb); 3170 } 3171 3172 return NULL; 3173 } 3174 3175 #endif /* HAVE_MIT_KERBEROS / HAVE_HEIMDAL_KERBEROS / HAVE_LIBNETTLE */ 3176 3177 #ifdef NEED_DECRYPT_KRB5_KRB_CFX_DCE_NOOP 3178 tvbuff_t * 3179 decrypt_krb5_krb_cfx_dce(proto_tree *tree _U_, 3180 packet_info *pinfo _U_, 3181 int usage _U_, 3182 int keytype _U_, 3183 tvbuff_t *gssapi_header_tvb _U_, 3184 tvbuff_t *gssapi_encrypted_tvb _U_, 3185 tvbuff_t *gssapi_trailer_tvb _U_, 3186 tvbuff_t *checksum_tvb _U_) 3187 { 3188 return NULL; 3189 } 3190 #endif /* NEED_DECRYPT_KRB5_KRB_CFX_DCE_NOOP */ 3191 3192 #define INET6_ADDRLEN 16 3193 3194 /* TCP Record Mark */ 3195 #define KRB_RM_RESERVED 0x80000000U 3196 #define KRB_RM_RECLEN 0x7fffffffU 3197 3198 #define KRB5_MSG_TICKET 1 /* Ticket */ 3199 #define KRB5_MSG_AUTHENTICATOR 2 /* Authenticator */ 3200 #define KRB5_MSG_ENC_TICKET_PART 3 /* EncTicketPart */ 3201 #define KRB5_MSG_AS_REQ 10 /* AS-REQ type */ 3202 #define KRB5_MSG_AS_REP 11 /* AS-REP type */ 3203 #define KRB5_MSG_TGS_REQ 12 /* TGS-REQ type */ 3204 #define KRB5_MSG_TGS_REP 13 /* TGS-REP type */ 3205 #define KRB5_MSG_AP_REQ 14 /* AP-REQ type */ 3206 #define KRB5_MSG_AP_REP 15 /* AP-REP type */ 3207 #define KRB5_MSG_TGT_REQ 16 /* TGT-REQ type */ 3208 #define KRB5_MSG_TGT_REP 17 /* TGT-REP type */ 3209 3210 #define KRB5_MSG_SAFE 20 /* KRB-SAFE type */ 3211 #define KRB5_MSG_PRIV 21 /* KRB-PRIV type */ 3212 #define KRB5_MSG_CRED 22 /* KRB-CRED type */ 3213 #define KRB5_MSG_ENC_AS_REP_PART 25 /* EncASRepPart */ 3214 #define KRB5_MSG_ENC_TGS_REP_PART 26 /* EncTGSRepPart */ 3215 #define KRB5_MSG_ENC_AP_REP_PART 27 /* EncAPRepPart */ 3216 #define KRB5_MSG_ENC_KRB_PRIV_PART 28 /* EncKrbPrivPart */ 3217 #define KRB5_MSG_ENC_KRB_CRED_PART 29 /* EncKrbCredPart */ 3218 #define KRB5_MSG_ERROR 30 /* KRB-ERROR type */ 3219 3220 #define KRB5_CHKSUM_GSSAPI 0x8003 3221 /* 3222 * For KERB_ENCTYPE_RC4_HMAC and KERB_ENCTYPE_RC4_HMAC_EXP, see 3223 * 3224 * https://tools.ietf.org/html/draft-brezak-win2k-krb-rc4-hmac-04 3225 * 3226 * unless it's expired. 3227 */ 3228 3229 /* Principal name-type */ 3230 #define KRB5_NT_UNKNOWN 0 3231 #define KRB5_NT_PRINCIPAL 1 3232 #define KRB5_NT_SRV_INST 2 3233 #define KRB5_NT_SRV_HST 3 3234 #define KRB5_NT_SRV_XHST 4 3235 #define KRB5_NT_UID 5 3236 #define KRB5_NT_X500_PRINCIPAL 6 3237 #define KRB5_NT_SMTP_NAME 7 3238 #define KRB5_NT_ENTERPRISE 10 3239 3240 /* 3241 * MS specific name types, from 3242 * 3243 * http://msdn.microsoft.com/library/en-us/security/security/kerb_external_name.asp 3244 */ 3245 #define KRB5_NT_MS_PRINCIPAL -128 3246 #define KRB5_NT_MS_PRINCIPAL_AND_SID -129 3247 #define KRB5_NT_ENT_PRINCIPAL_AND_SID -130 3248 #define KRB5_NT_PRINCIPAL_AND_SID -131 3249 #define KRB5_NT_SRV_INST_AND_SID -132 3250 3251 /* error table constants */ 3252 /* I prefixed the krb5_err.et constant names with KRB5_ET_ for these */ 3253 #define KRB5_ET_KRB5KDC_ERR_NONE 0 3254 #define KRB5_ET_KRB5KDC_ERR_NAME_EXP 1 3255 #define KRB5_ET_KRB5KDC_ERR_SERVICE_EXP 2 3256 #define KRB5_ET_KRB5KDC_ERR_BAD_PVNO 3 3257 #define KRB5_ET_KRB5KDC_ERR_C_OLD_MAST_KVNO 4 3258 #define KRB5_ET_KRB5KDC_ERR_S_OLD_MAST_KVNO 5 3259 #define KRB5_ET_KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN 6 3260 #define KRB5_ET_KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN 7 3261 #define KRB5_ET_KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE 8 3262 #define KRB5_ET_KRB5KDC_ERR_NULL_KEY 9 3263 #define KRB5_ET_KRB5KDC_ERR_CANNOT_POSTDATE 10 3264 #define KRB5_ET_KRB5KDC_ERR_NEVER_VALID 11 3265 #define KRB5_ET_KRB5KDC_ERR_POLICY 12 3266 #define KRB5_ET_KRB5KDC_ERR_BADOPTION 13 3267 #define KRB5_ET_KRB5KDC_ERR_ETYPE_NOSUPP 14 3268 #define KRB5_ET_KRB5KDC_ERR_SUMTYPE_NOSUPP 15 3269 #define KRB5_ET_KRB5KDC_ERR_PADATA_TYPE_NOSUPP 16 3270 #define KRB5_ET_KRB5KDC_ERR_TRTYPE_NOSUPP 17 3271 #define KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED 18 3272 #define KRB5_ET_KRB5KDC_ERR_SERVICE_REVOKED 19 3273 #define KRB5_ET_KRB5KDC_ERR_TGT_REVOKED 20 3274 #define KRB5_ET_KRB5KDC_ERR_CLIENT_NOTYET 21 3275 #define KRB5_ET_KRB5KDC_ERR_SERVICE_NOTYET 22 3276 #define KRB5_ET_KRB5KDC_ERR_KEY_EXP 23 3277 #define KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED 24 3278 #define KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED 25 3279 #define KRB5_ET_KRB5KDC_ERR_SERVER_NOMATCH 26 3280 #define KRB5_ET_KRB5KDC_ERR_MUST_USE_USER2USER 27 3281 #define KRB5_ET_KRB5KDC_ERR_PATH_NOT_ACCEPTED 28 3282 #define KRB5_ET_KRB5KDC_ERR_SVC_UNAVAILABLE 29 3283 #define KRB5_ET_KRB5KRB_AP_ERR_BAD_INTEGRITY 31 3284 #define KRB5_ET_KRB5KRB_AP_ERR_TKT_EXPIRED 32 3285 #define KRB5_ET_KRB5KRB_AP_ERR_TKT_NYV 33 3286 #define KRB5_ET_KRB5KRB_AP_ERR_REPEAT 34 3287 #define KRB5_ET_KRB5KRB_AP_ERR_NOT_US 35 3288 #define KRB5_ET_KRB5KRB_AP_ERR_BADMATCH 36 3289 #define KRB5_ET_KRB5KRB_AP_ERR_SKEW 37 3290 #define KRB5_ET_KRB5KRB_AP_ERR_BADADDR 38 3291 #define KRB5_ET_KRB5KRB_AP_ERR_BADVERSION 39 3292 #define KRB5_ET_KRB5KRB_AP_ERR_MSG_TYPE 40 3293 #define KRB5_ET_KRB5KRB_AP_ERR_MODIFIED 41 3294 #define KRB5_ET_KRB5KRB_AP_ERR_BADORDER 42 3295 #define KRB5_ET_KRB5KRB_AP_ERR_ILL_CR_TKT 43 3296 #define KRB5_ET_KRB5KRB_AP_ERR_BADKEYVER 44 3297 #define KRB5_ET_KRB5KRB_AP_ERR_NOKEY 45 3298 #define KRB5_ET_KRB5KRB_AP_ERR_MUT_FAIL 46 3299 #define KRB5_ET_KRB5KRB_AP_ERR_BADDIRECTION 47 3300 #define KRB5_ET_KRB5KRB_AP_ERR_METHOD 48 3301 #define KRB5_ET_KRB5KRB_AP_ERR_BADSEQ 49 3302 #define KRB5_ET_KRB5KRB_AP_ERR_INAPP_CKSUM 50 3303 #define KRB5_ET_KRB5KDC_AP_PATH_NOT_ACCEPTED 51 3304 #define KRB5_ET_KRB5KRB_ERR_RESPONSE_TOO_BIG 52 3305 #define KRB5_ET_KRB5KRB_ERR_GENERIC 60 3306 #define KRB5_ET_KRB5KRB_ERR_FIELD_TOOLONG 61 3307 #define KRB5_ET_KDC_ERROR_CLIENT_NOT_TRUSTED 62 3308 #define KRB5_ET_KDC_ERROR_KDC_NOT_TRUSTED 63 3309 #define KRB5_ET_KDC_ERROR_INVALID_SIG 64 3310 #define KRB5_ET_KDC_ERR_KEY_TOO_WEAK 65 3311 #define KRB5_ET_KDC_ERR_CERTIFICATE_MISMATCH 66 3312 #define KRB5_ET_KRB_AP_ERR_NO_TGT 67 3313 #define KRB5_ET_KDC_ERR_WRONG_REALM 68 3314 #define KRB5_ET_KRB_AP_ERR_USER_TO_USER_REQUIRED 69 3315 #define KRB5_ET_KDC_ERR_CANT_VERIFY_CERTIFICATE 70 3316 #define KRB5_ET_KDC_ERR_INVALID_CERTIFICATE 71 3317 #define KRB5_ET_KDC_ERR_REVOKED_CERTIFICATE 72 3318 #define KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNKNOWN 73 3319 #define KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNAVAILABLE 74 3320 #define KRB5_ET_KDC_ERR_CLIENT_NAME_MISMATCH 75 3321 #define KRB5_ET_KDC_ERR_KDC_NAME_MISMATCH 76 3322 #define KRB5_ET_KDC_ERR_PREAUTH_EXPIRED 90 3323 #define KRB5_ET_KDC_ERR_MORE_PREAUTH_DATA_REQUIRED 91 3324 #define KRB5_ET_KDC_ERR_PREAUTH_BAD_AUTHENTICATION_SET 92 3325 #define KRB5_ET_KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS 93 3326 3327 static const value_string krb5_error_codes[] = { 3328 { KRB5_ET_KRB5KDC_ERR_NONE, "KRB5KDC_ERR_NONE" }, 3329 { KRB5_ET_KRB5KDC_ERR_NAME_EXP, "KRB5KDC_ERR_NAME_EXP" }, 3330 { KRB5_ET_KRB5KDC_ERR_SERVICE_EXP, "KRB5KDC_ERR_SERVICE_EXP" }, 3331 { KRB5_ET_KRB5KDC_ERR_BAD_PVNO, "KRB5KDC_ERR_BAD_PVNO" }, 3332 { KRB5_ET_KRB5KDC_ERR_C_OLD_MAST_KVNO, "KRB5KDC_ERR_C_OLD_MAST_KVNO" }, 3333 { KRB5_ET_KRB5KDC_ERR_S_OLD_MAST_KVNO, "KRB5KDC_ERR_S_OLD_MAST_KVNO" }, 3334 { KRB5_ET_KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN, "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN" }, 3335 { KRB5_ET_KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN, "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN" }, 3336 { KRB5_ET_KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE, "KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE" }, 3337 { KRB5_ET_KRB5KDC_ERR_NULL_KEY, "KRB5KDC_ERR_NULL_KEY" }, 3338 { KRB5_ET_KRB5KDC_ERR_CANNOT_POSTDATE, "KRB5KDC_ERR_CANNOT_POSTDATE" }, 3339 { KRB5_ET_KRB5KDC_ERR_NEVER_VALID, "KRB5KDC_ERR_NEVER_VALID" }, 3340 { KRB5_ET_KRB5KDC_ERR_POLICY, "KRB5KDC_ERR_POLICY" }, 3341 { KRB5_ET_KRB5KDC_ERR_BADOPTION, "KRB5KDC_ERR_BADOPTION" }, 3342 { KRB5_ET_KRB5KDC_ERR_ETYPE_NOSUPP, "KRB5KDC_ERR_ETYPE_NOSUPP" }, 3343 { KRB5_ET_KRB5KDC_ERR_SUMTYPE_NOSUPP, "KRB5KDC_ERR_SUMTYPE_NOSUPP" }, 3344 { KRB5_ET_KRB5KDC_ERR_PADATA_TYPE_NOSUPP, "KRB5KDC_ERR_PADATA_TYPE_NOSUPP" }, 3345 { KRB5_ET_KRB5KDC_ERR_TRTYPE_NOSUPP, "KRB5KDC_ERR_TRTYPE_NOSUPP" }, 3346 { KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED, "KRB5KDC_ERR_CLIENT_REVOKED" }, 3347 { KRB5_ET_KRB5KDC_ERR_SERVICE_REVOKED, "KRB5KDC_ERR_SERVICE_REVOKED" }, 3348 { KRB5_ET_KRB5KDC_ERR_TGT_REVOKED, "KRB5KDC_ERR_TGT_REVOKED" }, 3349 { KRB5_ET_KRB5KDC_ERR_CLIENT_NOTYET, "KRB5KDC_ERR_CLIENT_NOTYET" }, 3350 { KRB5_ET_KRB5KDC_ERR_SERVICE_NOTYET, "KRB5KDC_ERR_SERVICE_NOTYET" }, 3351 { KRB5_ET_KRB5KDC_ERR_KEY_EXP, "KRB5KDC_ERR_KEY_EXP" }, 3352 { KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED, "KRB5KDC_ERR_PREAUTH_FAILED" }, 3353 { KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED, "KRB5KDC_ERR_PREAUTH_REQUIRED" }, 3354 { KRB5_ET_KRB5KDC_ERR_SERVER_NOMATCH, "KRB5KDC_ERR_SERVER_NOMATCH" }, 3355 { KRB5_ET_KRB5KDC_ERR_MUST_USE_USER2USER, "KRB5KDC_ERR_MUST_USE_USER2USER" }, 3356 { KRB5_ET_KRB5KDC_ERR_PATH_NOT_ACCEPTED, "KRB5KDC_ERR_PATH_NOT_ACCEPTED" }, 3357 { KRB5_ET_KRB5KDC_ERR_SVC_UNAVAILABLE, "KRB5KDC_ERR_SVC_UNAVAILABLE" }, 3358 { KRB5_ET_KRB5KRB_AP_ERR_BAD_INTEGRITY, "KRB5KRB_AP_ERR_BAD_INTEGRITY" }, 3359 { KRB5_ET_KRB5KRB_AP_ERR_TKT_EXPIRED, "KRB5KRB_AP_ERR_TKT_EXPIRED" }, 3360 { KRB5_ET_KRB5KRB_AP_ERR_TKT_NYV, "KRB5KRB_AP_ERR_TKT_NYV" }, 3361 { KRB5_ET_KRB5KRB_AP_ERR_REPEAT, "KRB5KRB_AP_ERR_REPEAT" }, 3362 { KRB5_ET_KRB5KRB_AP_ERR_NOT_US, "KRB5KRB_AP_ERR_NOT_US" }, 3363 { KRB5_ET_KRB5KRB_AP_ERR_BADMATCH, "KRB5KRB_AP_ERR_BADMATCH" }, 3364 { KRB5_ET_KRB5KRB_AP_ERR_SKEW, "KRB5KRB_AP_ERR_SKEW" }, 3365 { KRB5_ET_KRB5KRB_AP_ERR_BADADDR, "KRB5KRB_AP_ERR_BADADDR" }, 3366 { KRB5_ET_KRB5KRB_AP_ERR_BADVERSION, "KRB5KRB_AP_ERR_BADVERSION" }, 3367 { KRB5_ET_KRB5KRB_AP_ERR_MSG_TYPE, "KRB5KRB_AP_ERR_MSG_TYPE" }, 3368 { KRB5_ET_KRB5KRB_AP_ERR_MODIFIED, "KRB5KRB_AP_ERR_MODIFIED" }, 3369 { KRB5_ET_KRB5KRB_AP_ERR_BADORDER, "KRB5KRB_AP_ERR_BADORDER" }, 3370 { KRB5_ET_KRB5KRB_AP_ERR_ILL_CR_TKT, "KRB5KRB_AP_ERR_ILL_CR_TKT" }, 3371 { KRB5_ET_KRB5KRB_AP_ERR_BADKEYVER, "KRB5KRB_AP_ERR_BADKEYVER" }, 3372 { KRB5_ET_KRB5KRB_AP_ERR_NOKEY, "KRB5KRB_AP_ERR_NOKEY" }, 3373 { KRB5_ET_KRB5KRB_AP_ERR_MUT_FAIL, "KRB5KRB_AP_ERR_MUT_FAIL" }, 3374 { KRB5_ET_KRB5KRB_AP_ERR_BADDIRECTION, "KRB5KRB_AP_ERR_BADDIRECTION" }, 3375 { KRB5_ET_KRB5KRB_AP_ERR_METHOD, "KRB5KRB_AP_ERR_METHOD" }, 3376 { KRB5_ET_KRB5KRB_AP_ERR_BADSEQ, "KRB5KRB_AP_ERR_BADSEQ" }, 3377 { KRB5_ET_KRB5KRB_AP_ERR_INAPP_CKSUM, "KRB5KRB_AP_ERR_INAPP_CKSUM" }, 3378 { KRB5_ET_KRB5KDC_AP_PATH_NOT_ACCEPTED, "KRB5KDC_AP_PATH_NOT_ACCEPTED" }, 3379 { KRB5_ET_KRB5KRB_ERR_RESPONSE_TOO_BIG, "KRB5KRB_ERR_RESPONSE_TOO_BIG"}, 3380 { KRB5_ET_KRB5KRB_ERR_GENERIC, "KRB5KRB_ERR_GENERIC" }, 3381 { KRB5_ET_KRB5KRB_ERR_FIELD_TOOLONG, "KRB5KRB_ERR_FIELD_TOOLONG" }, 3382 { KRB5_ET_KDC_ERROR_CLIENT_NOT_TRUSTED, "KDC_ERROR_CLIENT_NOT_TRUSTED" }, 3383 { KRB5_ET_KDC_ERROR_KDC_NOT_TRUSTED, "KDC_ERROR_KDC_NOT_TRUSTED" }, 3384 { KRB5_ET_KDC_ERROR_INVALID_SIG, "KDC_ERROR_INVALID_SIG" }, 3385 { KRB5_ET_KDC_ERR_KEY_TOO_WEAK, "KDC_ERR_KEY_TOO_WEAK" }, 3386 { KRB5_ET_KDC_ERR_CERTIFICATE_MISMATCH, "KDC_ERR_CERTIFICATE_MISMATCH" }, 3387 { KRB5_ET_KRB_AP_ERR_NO_TGT, "KRB_AP_ERR_NO_TGT" }, 3388 { KRB5_ET_KDC_ERR_WRONG_REALM, "KDC_ERR_WRONG_REALM" }, 3389 { KRB5_ET_KRB_AP_ERR_USER_TO_USER_REQUIRED, "KRB_AP_ERR_USER_TO_USER_REQUIRED" }, 3390 { KRB5_ET_KDC_ERR_CANT_VERIFY_CERTIFICATE, "KDC_ERR_CANT_VERIFY_CERTIFICATE" }, 3391 { KRB5_ET_KDC_ERR_INVALID_CERTIFICATE, "KDC_ERR_INVALID_CERTIFICATE" }, 3392 { KRB5_ET_KDC_ERR_REVOKED_CERTIFICATE, "KDC_ERR_REVOKED_CERTIFICATE" }, 3393 { KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNKNOWN, "KDC_ERR_REVOCATION_STATUS_UNKNOWN" }, 3394 { KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNAVAILABLE, "KDC_ERR_REVOCATION_STATUS_UNAVAILABLE" }, 3395 { KRB5_ET_KDC_ERR_CLIENT_NAME_MISMATCH, "KDC_ERR_CLIENT_NAME_MISMATCH" }, 3396 { KRB5_ET_KDC_ERR_KDC_NAME_MISMATCH, "KDC_ERR_KDC_NAME_MISMATCH" }, 3397 { KRB5_ET_KDC_ERR_PREAUTH_EXPIRED, "KDC_ERR_PREAUTH_EXPIRED" }, 3398 { KRB5_ET_KDC_ERR_MORE_PREAUTH_DATA_REQUIRED, "KDC_ERR_MORE_PREAUTH_DATA_REQUIRED" }, 3399 { KRB5_ET_KDC_ERR_PREAUTH_BAD_AUTHENTICATION_SET, "KDC_ERR_PREAUTH_BAD_AUTHENTICATION_SET" }, 3400 { KRB5_ET_KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS, "KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS" }, 3401 { 0, NULL } 3402 }; 3403 3404 3405 #define PAC_LOGON_INFO 1 3406 #define PAC_CREDENTIAL_TYPE 2 3407 #define PAC_SERVER_CHECKSUM 6 3408 #define PAC_PRIVSVR_CHECKSUM 7 3409 #define PAC_CLIENT_INFO_TYPE 10 3410 #define PAC_S4U_DELEGATION_INFO 11 3411 #define PAC_UPN_DNS_INFO 12 3412 #define PAC_CLIENT_CLAIMS_INFO 13 3413 #define PAC_DEVICE_INFO 14 3414 #define PAC_DEVICE_CLAIMS_INFO 15 3415 #define PAC_TICKET_CHECKSUM 16 3416 static const value_string w2k_pac_types[] = { 3417 { PAC_LOGON_INFO , "Logon Info" }, 3418 { PAC_CREDENTIAL_TYPE , "Credential Type" }, 3419 { PAC_SERVER_CHECKSUM , "Server Checksum" }, 3420 { PAC_PRIVSVR_CHECKSUM , "Privsvr Checksum" }, 3421 { PAC_CLIENT_INFO_TYPE , "Client Info Type" }, 3422 { PAC_S4U_DELEGATION_INFO , "S4U Delegation Info" }, 3423 { PAC_UPN_DNS_INFO , "UPN DNS Info" }, 3424 { PAC_CLIENT_CLAIMS_INFO , "Client Claims Info" }, 3425 { PAC_DEVICE_INFO , "Device Info" }, 3426 { PAC_DEVICE_CLAIMS_INFO , "Device Claims Info" }, 3427 { PAC_TICKET_CHECKSUM , "Ticket Checksum" }, 3428 { 0, NULL }, 3429 }; 3430 3431 static const value_string krb5_msg_types[] = { 3432 { KRB5_MSG_TICKET, "Ticket" }, 3433 { KRB5_MSG_AUTHENTICATOR, "Authenticator" }, 3434 { KRB5_MSG_ENC_TICKET_PART, "EncTicketPart" }, 3435 { KRB5_MSG_TGS_REQ, "TGS-REQ" }, 3436 { KRB5_MSG_TGS_REP, "TGS-REP" }, 3437 { KRB5_MSG_AS_REQ, "AS-REQ" }, 3438 { KRB5_MSG_AS_REP, "AS-REP" }, 3439 { KRB5_MSG_AP_REQ, "AP-REQ" }, 3440 { KRB5_MSG_AP_REP, "AP-REP" }, 3441 { KRB5_MSG_TGT_REQ, "TGT-REQ" }, 3442 { KRB5_MSG_TGT_REP, "TGT-REP" }, 3443 { KRB5_MSG_SAFE, "KRB-SAFE" }, 3444 { KRB5_MSG_PRIV, "KRB-PRIV" }, 3445 { KRB5_MSG_CRED, "KRB-CRED" }, 3446 { KRB5_MSG_ENC_AS_REP_PART, "EncASRepPart" }, 3447 { KRB5_MSG_ENC_TGS_REP_PART, "EncTGSRepPart" }, 3448 { KRB5_MSG_ENC_AP_REP_PART, "EncAPRepPart" }, 3449 { KRB5_MSG_ENC_KRB_PRIV_PART, "EncKrbPrivPart" }, 3450 { KRB5_MSG_ENC_KRB_CRED_PART, "EncKrbCredPart" }, 3451 { KRB5_MSG_ERROR, "KRB-ERROR" }, 3452 { 0, NULL }, 3453 }; 3454 3455 #define KRB5_GSS_C_DELEG_FLAG 0x01 3456 #define KRB5_GSS_C_MUTUAL_FLAG 0x02 3457 #define KRB5_GSS_C_REPLAY_FLAG 0x04 3458 #define KRB5_GSS_C_SEQUENCE_FLAG 0x08 3459 #define KRB5_GSS_C_CONF_FLAG 0x10 3460 #define KRB5_GSS_C_INTEG_FLAG 0x20 3461 #define KRB5_GSS_C_DCE_STYLE 0x1000 3462 3463 static const true_false_string tfs_gss_flags_deleg = { 3464 "Delegate credentials to remote peer", 3465 "Do NOT delegate" 3466 }; 3467 static const true_false_string tfs_gss_flags_mutual = { 3468 "Request that remote peer authenticates itself", 3469 "Mutual authentication NOT required" 3470 }; 3471 static const true_false_string tfs_gss_flags_replay = { 3472 "Enable replay protection for signed or sealed messages", 3473 "Do NOT enable replay protection" 3474 }; 3475 static const true_false_string tfs_gss_flags_sequence = { 3476 "Enable Out-of-sequence detection for sign or sealed messages", 3477 "Do NOT enable out-of-sequence detection" 3478 }; 3479 static const true_false_string tfs_gss_flags_conf = { 3480 "Confidentiality (sealing) may be invoked", 3481 "Do NOT use Confidentiality (sealing)" 3482 }; 3483 static const true_false_string tfs_gss_flags_integ = { 3484 "Integrity protection (signing) may be invoked", 3485 "Do NOT use integrity protection" 3486 }; 3487 3488 static const true_false_string tfs_gss_flags_dce_style = { 3489 "DCE-STYLE", 3490 "Not using DCE-STYLE" 3491 }; 3492 3493 #ifdef HAVE_KERBEROS 3494 static guint8 * 3495 decrypt_krb5_data_asn1(proto_tree *tree, asn1_ctx_t *actx, 3496 int usage, tvbuff_t *cryptotvb, int *datalen) 3497 { 3498 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 3499 3500 #ifdef HAVE_DECRYPT_KRB5_DATA_PRIVATE 3501 return decrypt_krb5_data_private(tree, actx->pinfo, private_data, 3502 usage, cryptotvb, 3503 private_data->etype, 3504 datalen); 3505 #else 3506 return decrypt_krb5_data(tree, actx->pinfo, usage, cryptotvb, 3507 private_data->etype, datalen); 3508 #endif 3509 } 3510 3511 static int 3512 dissect_krb5_decrypt_ticket_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, 3513 proto_tree *tree, int hf_index _U_) 3514 { 3515 guint8 *plaintext; 3516 int length; 3517 tvbuff_t *next_tvb; 3518 3519 next_tvb=tvb_new_subset_remaining(tvb, offset); 3520 length=tvb_captured_length_remaining(tvb, offset); 3521 3522 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt : 3523 * 7.5.1 3524 * All Ticket encrypted parts use usage == 2 3525 */ 3526 plaintext=decrypt_krb5_data_asn1(tree, actx, 2, next_tvb, &length); 3527 3528 if(plaintext){ 3529 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 3530 tvbuff_t *last_ticket_enc_part_tvb = private_data->last_ticket_enc_part_tvb; 3531 tvbuff_t *child_tvb; 3532 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length); 3533 3534 /* Add the decrypted data to the data source list. */ 3535 add_new_data_source(actx->pinfo, child_tvb, "Krb5 Ticket"); 3536 3537 private_data->last_ticket_enc_part_tvb = child_tvb; 3538 offset=dissect_kerberos_Applications(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1); 3539 private_data->last_ticket_enc_part_tvb = last_ticket_enc_part_tvb; 3540 } 3541 return offset; 3542 } 3543 3544 static int 3545 dissect_krb5_decrypt_authenticator_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, 3546 proto_tree *tree, int hf_index _U_) 3547 { 3548 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 3549 guint8 *plaintext; 3550 int length; 3551 tvbuff_t *next_tvb; 3552 3553 next_tvb=tvb_new_subset_remaining(tvb, offset); 3554 length=tvb_captured_length_remaining(tvb, offset); 3555 3556 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt : 3557 * 7.5.1 3558 * Authenticators are encrypted with usage 3559 * == 7 or 3560 * == 11 3561 * 3562 * 7. TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator 3563 * (includes TGS authenticator subkey), encrypted with the 3564 * TGS session key (section 5.5.1) 3565 * 11. AP-REQ Authenticator (includes application 3566 * authenticator subkey), encrypted with the application 3567 * session key (section 5.5.1) 3568 */ 3569 if (private_data->within_PA_TGS_REQ > 0) { 3570 plaintext=decrypt_krb5_data_asn1(tree, actx, 7, next_tvb, &length); 3571 } else { 3572 plaintext=decrypt_krb5_data_asn1(tree, actx, 11, next_tvb, &length); 3573 } 3574 3575 if(plaintext){ 3576 tvbuff_t *child_tvb; 3577 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length); 3578 3579 /* Add the decrypted data to the data source list. */ 3580 add_new_data_source(actx->pinfo, child_tvb, "Krb5 Authenticator"); 3581 3582 offset=dissect_kerberos_Applications(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1); 3583 } 3584 return offset; 3585 } 3586 3587 static int 3588 dissect_krb5_decrypt_authorization_data(gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, 3589 proto_tree *tree, int hf_index _U_) 3590 { 3591 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 3592 guint8 *plaintext; 3593 int length; 3594 tvbuff_t *next_tvb; 3595 3596 next_tvb=tvb_new_subset_remaining(tvb, offset); 3597 length=tvb_captured_length_remaining(tvb, offset); 3598 3599 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt : 3600 * 7.5.1 3601 * Authenticators are encrypted with usage 3602 * == 5 or 3603 * == 4 3604 * 3605 * 4. TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with 3606 * the TGS session key (section 5.4.1) 3607 * 5. TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with 3608 * the TGS authenticator subkey (section 5.4.1) 3609 */ 3610 if (private_data->PA_TGS_REQ_subkey != NULL) { 3611 plaintext=decrypt_krb5_data_asn1(tree, actx, 5, next_tvb, &length); 3612 } else { 3613 plaintext=decrypt_krb5_data_asn1(tree, actx, 4, next_tvb, &length); 3614 } 3615 3616 if(plaintext){ 3617 tvbuff_t *child_tvb; 3618 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length); 3619 3620 /* Add the decrypted data to the data source list. */ 3621 add_new_data_source(actx->pinfo, child_tvb, "Krb5 AuthorizationData"); 3622 3623 offset=dissect_kerberos_AuthorizationData(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1); 3624 } 3625 return offset; 3626 } 3627 3628 static int 3629 dissect_krb5_decrypt_KDC_REP_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, 3630 proto_tree *tree, int hf_index _U_) 3631 { 3632 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 3633 guint8 *plaintext = NULL; 3634 int length; 3635 tvbuff_t *next_tvb; 3636 3637 next_tvb=tvb_new_subset_remaining(tvb, offset); 3638 length=tvb_captured_length_remaining(tvb, offset); 3639 3640 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt : 3641 * 7.5.1 3642 * ASREP/TGSREP encryptedparts are encrypted with usage 3643 * == 3 or 3644 * == 8 or 3645 * == 9 3646 * 3647 * 3. AS-REP encrypted part (includes TGS session key or 3648 * application session key), encrypted with the client key 3649 * (section 5.4.2) 3650 * 3651 * 8. TGS-REP encrypted part (includes application session 3652 * key), encrypted with the TGS session key (section 3653 * 5.4.2) 3654 * 9. TGS-REP encrypted part (includes application session 3655 * key), encrypted with the TGS authenticator subkey 3656 * (section 5.4.2) 3657 * 3658 * We currently don't have a way to find the TGS-REQ state 3659 * in order to check if an authenticator subkey was used. 3660 * 3661 * But if we client used FAST and we got a strengthen_key, 3662 * we're sure an authenticator subkey was used. 3663 * 3664 * Windows don't use an authenticator subkey without FAST, 3665 * but heimdal does. 3666 * 3667 * For now try 8 before 9 in order to avoid overhead and false 3668 * positives for the 'kerberos.missing_keytype' filter in pure 3669 * windows captures. 3670 */ 3671 switch (private_data->msg_type) { 3672 case KERBEROS_APPLICATIONS_AS_REP: 3673 plaintext=decrypt_krb5_data_asn1(tree, actx, 3, next_tvb, &length); 3674 break; 3675 case KERBEROS_APPLICATIONS_TGS_REP: 3676 if (private_data->fast_strengthen_key != NULL) { 3677 plaintext=decrypt_krb5_data_asn1(tree, actx, 9, next_tvb, &length); 3678 } else { 3679 plaintext=decrypt_krb5_data_asn1(tree, actx, 8, next_tvb, &length); 3680 if(!plaintext){ 3681 plaintext=decrypt_krb5_data_asn1(tree, actx, 9, next_tvb, &length); 3682 } 3683 } 3684 break; 3685 } 3686 3687 if(plaintext){ 3688 tvbuff_t *child_tvb; 3689 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length); 3690 3691 /* Add the decrypted data to the data source list. */ 3692 add_new_data_source(actx->pinfo, child_tvb, "Krb5 KDC-REP"); 3693 3694 offset=dissect_kerberos_Applications(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1); 3695 } 3696 return offset; 3697 } 3698 3699 static int 3700 dissect_krb5_decrypt_PA_ENC_TIMESTAMP (gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, 3701 proto_tree *tree, int hf_index _U_) 3702 { 3703 guint8 *plaintext; 3704 int length; 3705 tvbuff_t *next_tvb; 3706 3707 next_tvb=tvb_new_subset_remaining(tvb, offset); 3708 length=tvb_captured_length_remaining(tvb, offset); 3709 3710 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt : 3711 * 7.5.1 3712 * AS-REQ PA_ENC_TIMESTAMP are encrypted with usage 3713 * == 1 3714 */ 3715 plaintext=decrypt_krb5_data_asn1(tree, actx, 1, next_tvb, &length); 3716 3717 if(plaintext){ 3718 tvbuff_t *child_tvb; 3719 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length); 3720 3721 /* Add the decrypted data to the data source list. */ 3722 add_new_data_source(actx->pinfo, child_tvb, "Krb5 EncTimestamp"); 3723 3724 offset=dissect_kerberos_PA_ENC_TS_ENC(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1); 3725 } 3726 return offset; 3727 } 3728 3729 static int 3730 dissect_krb5_decrypt_AP_REP_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, 3731 proto_tree *tree, int hf_index _U_) 3732 { 3733 guint8 *plaintext; 3734 int length; 3735 tvbuff_t *next_tvb; 3736 3737 next_tvb=tvb_new_subset_remaining(tvb, offset); 3738 length=tvb_captured_length_remaining(tvb, offset); 3739 3740 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt : 3741 * 7.5.1 3742 * AP-REP are encrypted with usage == 12 3743 */ 3744 plaintext=decrypt_krb5_data_asn1(tree, actx, 12, next_tvb, &length); 3745 3746 if(plaintext){ 3747 tvbuff_t *child_tvb; 3748 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length); 3749 3750 /* Add the decrypted data to the data source list. */ 3751 add_new_data_source(actx->pinfo, child_tvb, "Krb5 AP-REP"); 3752 3753 offset=dissect_kerberos_Applications(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1); 3754 } 3755 return offset; 3756 } 3757 3758 static int 3759 dissect_krb5_decrypt_PRIV_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, 3760 proto_tree *tree, int hf_index _U_) 3761 { 3762 guint8 *plaintext; 3763 int length; 3764 tvbuff_t *next_tvb; 3765 3766 next_tvb=tvb_new_subset_remaining(tvb, offset); 3767 length=tvb_captured_length_remaining(tvb, offset); 3768 3769 /* RFC4120 : 3770 * EncKrbPrivPart encrypted with usage 3771 * == 13 3772 */ 3773 plaintext=decrypt_krb5_data_asn1(tree, actx, 13, next_tvb, &length); 3774 3775 if(plaintext){ 3776 tvbuff_t *child_tvb; 3777 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length); 3778 3779 /* Add the decrypted data to the data source list. */ 3780 add_new_data_source(actx->pinfo, child_tvb, "Krb5 PRIV"); 3781 3782 offset=dissect_kerberos_Applications(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1); 3783 } 3784 return offset; 3785 } 3786 3787 static int 3788 dissect_krb5_decrypt_CRED_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, 3789 proto_tree *tree, int hf_index _U_) 3790 { 3791 guint8 *plaintext; 3792 int length; 3793 tvbuff_t *next_tvb; 3794 3795 next_tvb=tvb_new_subset_remaining(tvb, offset); 3796 length=tvb_captured_length_remaining(tvb, offset); 3797 3798 /* RFC4120 : 3799 * EncKrbCredPart encrypted with usage 3800 * == 14 3801 */ 3802 plaintext=decrypt_krb5_data_asn1(tree, actx, 14, next_tvb, &length); 3803 3804 if(plaintext){ 3805 tvbuff_t *child_tvb; 3806 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length); 3807 3808 /* Add the decrypted data to the data source list. */ 3809 add_new_data_source(actx->pinfo, child_tvb, "Krb5 CRED"); 3810 3811 offset=dissect_kerberos_Applications(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1); 3812 } 3813 return offset; 3814 } 3815 3816 static int 3817 dissect_krb5_decrypt_KrbFastReq(gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, 3818 proto_tree *tree, int hf_index _U_) 3819 { 3820 guint8 *plaintext; 3821 int length; 3822 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 3823 tvbuff_t *next_tvb; 3824 3825 next_tvb=tvb_new_subset_remaining(tvb, offset); 3826 length=tvb_captured_length_remaining(tvb, offset); 3827 3828 private_data->fast_armor_key = NULL; 3829 if (private_data->PA_FAST_ARMOR_AP_subkey != NULL) { 3830 krb5_fast_key(actx, tree, tvb, 3831 private_data->PA_FAST_ARMOR_AP_subkey, 3832 "subkeyarmor", 3833 private_data->PA_FAST_ARMOR_AP_key, 3834 "ticketarmor", 3835 "KrbFastReq_FAST_armorKey"); 3836 if (private_data->PA_TGS_REQ_subkey != NULL) { 3837 enc_key_t *explicit_armor_key = private_data->last_added_key; 3838 3839 /* 3840 * See [MS-KILE] 3.3.5.7.4 Compound Identity 3841 */ 3842 krb5_fast_key(actx, tree, tvb, 3843 explicit_armor_key, 3844 "explicitarmor", 3845 private_data->PA_TGS_REQ_subkey, 3846 "tgsarmor", 3847 "KrbFastReq_explicitArmorKey"); 3848 } 3849 private_data->fast_armor_key = private_data->last_added_key; 3850 } else if (private_data->PA_TGS_REQ_subkey != NULL) { 3851 krb5_fast_key(actx, tree, tvb, 3852 private_data->PA_TGS_REQ_subkey, 3853 "subkeyarmor", 3854 private_data->PA_TGS_REQ_key, 3855 "ticketarmor", 3856 "KrbFastReq_TGS_armorKey"); 3857 private_data->fast_armor_key = private_data->last_added_key; 3858 } 3859 3860 /* RFC6113 : 3861 * KrbFastResponse encrypted with usage 3862 * KEY_USAGE_FAST_ENC 51 3863 */ 3864 plaintext=decrypt_krb5_data_asn1(tree, actx, KEY_USAGE_FAST_ENC, 3865 next_tvb, &length); 3866 3867 if(plaintext){ 3868 tvbuff_t *child_tvb; 3869 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length); 3870 3871 /* Add the decrypted data to the data source list. */ 3872 add_new_data_source(actx->pinfo, child_tvb, "Krb5 FastReq"); 3873 3874 offset=dissect_kerberos_KrbFastReq(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1); 3875 } 3876 return offset; 3877 } 3878 3879 static int 3880 dissect_krb5_decrypt_KrbFastResponse(gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, 3881 proto_tree *tree, int hf_index _U_) 3882 { 3883 guint8 *plaintext; 3884 int length; 3885 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 3886 tvbuff_t *next_tvb; 3887 3888 next_tvb=tvb_new_subset_remaining(tvb, offset); 3889 length=tvb_captured_length_remaining(tvb, offset); 3890 3891 /* 3892 * RFC6113 : 3893 * KrbFastResponse encrypted with usage 3894 * KEY_USAGE_FAST_REP 52 3895 */ 3896 plaintext=decrypt_krb5_data_asn1(tree, actx, KEY_USAGE_FAST_REP, 3897 next_tvb, &length); 3898 3899 if(plaintext){ 3900 tvbuff_t *child_tvb; 3901 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length); 3902 3903 /* Add the decrypted data to the data source list. */ 3904 add_new_data_source(actx->pinfo, child_tvb, "Krb5 FastRep"); 3905 3906 private_data->fast_armor_key = private_data->last_decryption_key; 3907 offset=dissect_kerberos_KrbFastResponse(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1); 3908 } 3909 return offset; 3910 } 3911 3912 static int 3913 dissect_krb5_decrypt_EncryptedChallenge(gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, 3914 proto_tree *tree, int hf_index _U_) 3915 { 3916 guint8 *plaintext; 3917 int length; 3918 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 3919 tvbuff_t *next_tvb; 3920 int usage = 0; 3921 const char *name = NULL; 3922 3923 next_tvb=tvb_new_subset_remaining(tvb, offset); 3924 length=tvb_captured_length_remaining(tvb, offset); 3925 3926 /* RFC6113 : 3927 * KEY_USAGE_ENC_CHALLENGE_CLIENT 54 3928 * KEY_USAGE_ENC_CHALLENGE_KDC 55 3929 */ 3930 if (kerberos_private_is_kdc_req(private_data)) { 3931 usage = KEY_USAGE_ENC_CHALLENGE_CLIENT; 3932 name = "Krb5 CHALLENGE_CLIENT"; 3933 } else { 3934 usage = KEY_USAGE_ENC_CHALLENGE_KDC; 3935 name = "Krb5 CHALLENGE_KDC"; 3936 } 3937 plaintext=decrypt_krb5_data_asn1(tree, actx, usage, next_tvb, &length); 3938 3939 if(plaintext){ 3940 tvbuff_t *child_tvb; 3941 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length); 3942 3943 /* Add the decrypted data to the data source list. */ 3944 add_new_data_source(actx->pinfo, child_tvb, name); 3945 3946 offset=dissect_kerberos_PA_ENC_TS_ENC(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1); 3947 } 3948 return offset; 3949 } 3950 #endif /* HAVE_KERBEROS */ 3951 3952 static int * const hf_krb_pa_supported_enctypes_fields[] = { 3953 &hf_krb_pa_supported_enctypes_des_cbc_crc, 3954 &hf_krb_pa_supported_enctypes_des_cbc_md5, 3955 &hf_krb_pa_supported_enctypes_rc4_hmac, 3956 &hf_krb_pa_supported_enctypes_aes128_cts_hmac_sha1_96, 3957 &hf_krb_pa_supported_enctypes_aes256_cts_hmac_sha1_96, 3958 &hf_krb_pa_supported_enctypes_fast_supported, 3959 &hf_krb_pa_supported_enctypes_compound_identity_supported, 3960 &hf_krb_pa_supported_enctypes_claims_supported, 3961 &hf_krb_pa_supported_enctypes_resource_sid_compression_disabled, 3962 NULL, 3963 }; 3964 3965 static int 3966 dissect_kerberos_PA_SUPPORTED_ENCTYPES(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, 3967 int offset _U_, asn1_ctx_t *actx _U_, 3968 proto_tree *tree _U_, int hf_index _U_) 3969 { 3970 actx->created_item = proto_tree_add_bitmask(tree, tvb, offset, 3971 hf_krb_pa_supported_enctypes, 3972 ett_krb_pa_supported_enctypes, 3973 hf_krb_pa_supported_enctypes_fields, 3974 ENC_LITTLE_ENDIAN); 3975 offset += 4; 3976 3977 return offset; 3978 } 3979 3980 static int * const hf_krb_ad_ap_options_fields[] = { 3981 &hf_krb_ad_ap_options_cbt, 3982 NULL, 3983 }; 3984 3985 3986 static int 3987 dissect_kerberos_AD_AP_OPTIONS(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, 3988 int offset _U_, asn1_ctx_t *actx _U_, 3989 proto_tree *tree _U_, int hf_index _U_) 3990 { 3991 actx->created_item = proto_tree_add_bitmask(tree, tvb, offset, 3992 hf_krb_ad_ap_options, 3993 ett_krb_ad_ap_options, 3994 hf_krb_ad_ap_options_fields, 3995 ENC_LITTLE_ENDIAN); 3996 offset += 4; 3997 3998 return offset; 3999 } 4000 4001 static int 4002 dissect_kerberos_AD_TARGET_PRINCIPAL(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, 4003 int offset _U_, asn1_ctx_t *actx _U_, 4004 proto_tree *tree _U_, int hf_index _U_) 4005 { 4006 int tp_offset, tp_len; 4007 guint16 bc; 4008 4009 bc = tvb_reported_length_remaining(tvb, offset); 4010 tp_offset = offset; 4011 tp_len = bc; 4012 proto_tree_add_item(tree, hf_krb_ad_target_principal, tvb, 4013 tp_offset, tp_len, 4014 ENC_UTF_16 | ENC_LITTLE_ENDIAN); 4015 4016 return offset; 4017 } 4018 4019 /* Dissect a GSSAPI checksum as per RFC1964. This is NOT ASN.1 encoded. 4020 */ 4021 static int 4022 dissect_krb5_rfc1964_checksum(asn1_ctx_t *actx _U_, proto_tree *tree, tvbuff_t *tvb) 4023 { 4024 int offset=0; 4025 guint32 len; 4026 guint16 dlglen; 4027 4028 /* Length of Bnd field */ 4029 len=tvb_get_letohl(tvb, offset); 4030 proto_tree_add_item(tree, hf_krb_gssapi_len, tvb, offset, 4, ENC_LITTLE_ENDIAN); 4031 offset += 4; 4032 4033 /* Bnd field */ 4034 proto_tree_add_item(tree, hf_krb_gssapi_bnd, tvb, offset, len, ENC_NA); 4035 offset += len; 4036 4037 4038 /* flags */ 4039 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_dce_style, tvb, offset, 4, ENC_LITTLE_ENDIAN); 4040 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_integ, tvb, offset, 4, ENC_LITTLE_ENDIAN); 4041 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_conf, tvb, offset, 4, ENC_LITTLE_ENDIAN); 4042 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_sequence, tvb, offset, 4, ENC_LITTLE_ENDIAN); 4043 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_replay, tvb, offset, 4, ENC_LITTLE_ENDIAN); 4044 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_mutual, tvb, offset, 4, ENC_LITTLE_ENDIAN); 4045 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_deleg, tvb, offset, 4, ENC_LITTLE_ENDIAN); 4046 offset += 4; 4047 4048 /* the next fields are optional so we have to check that we have 4049 * more data in our buffers */ 4050 if(tvb_reported_length_remaining(tvb, offset)<2){ 4051 return offset; 4052 } 4053 /* dlgopt identifier */ 4054 proto_tree_add_item(tree, hf_krb_gssapi_dlgopt, tvb, offset, 2, ENC_LITTLE_ENDIAN); 4055 offset += 2; 4056 4057 if(tvb_reported_length_remaining(tvb, offset)<2){ 4058 return offset; 4059 } 4060 /* dlglen identifier */ 4061 dlglen=tvb_get_letohs(tvb, offset); 4062 proto_tree_add_item(tree, hf_krb_gssapi_dlglen, tvb, offset, 2, ENC_LITTLE_ENDIAN); 4063 offset += 2; 4064 4065 if(dlglen!=tvb_reported_length_remaining(tvb, offset)){ 4066 proto_tree_add_expert_format(tree, actx->pinfo, &ei_krb_gssapi_dlglen, tvb, 0, 0, 4067 "Error: DlgLen:%d is not the same as number of bytes remaining:%d", dlglen, tvb_captured_length_remaining(tvb, offset)); 4068 return offset; 4069 } 4070 4071 /* this should now be a KRB_CRED message */ 4072 offset=dissect_kerberos_Applications(FALSE, tvb, offset, actx, tree, /* hf_index */ -1); 4073 4074 return offset; 4075 } 4076 4077 static int 4078 dissect_krb5_PA_PROV_SRV_LOCATION(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) 4079 { 4080 offset=dissect_ber_GeneralString(actx, tree, tvb, offset, hf_krb_provsrv_location, NULL, 0); 4081 4082 return offset; 4083 } 4084 4085 static int 4086 dissect_krb5_PW_SALT(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) 4087 { 4088 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 4089 gint length; 4090 guint32 nt_status = 0; 4091 guint32 reserved = 0; 4092 guint32 flags = 0; 4093 4094 /* 4095 * Microsoft stores a special 12 byte blob here 4096 * [MS-KILE] 2.2.1 KERB-EXT-ERROR 4097 * guint32 NT_status 4098 * guint32 reserved (== 0) 4099 * guint32 flags (at least 0x00000001 is set) 4100 */ 4101 length = tvb_reported_length_remaining(tvb, offset); 4102 if (length <= 0) { 4103 return offset; 4104 } 4105 if (length != 12) { 4106 goto no_error; 4107 } 4108 4109 if (private_data->errorcode == 0) { 4110 goto no_error; 4111 } 4112 4113 if (!private_data->try_nt_status) { 4114 goto no_error; 4115 } 4116 4117 nt_status = tvb_get_letohl(tvb, offset); 4118 reserved = tvb_get_letohl(tvb, offset + 4); 4119 flags = tvb_get_letohl(tvb, offset + 8); 4120 4121 if (nt_status == 0 || reserved != 0 || flags == 0) { 4122 goto no_error; 4123 } 4124 4125 proto_tree_add_item(tree, hf_krb_ext_error_nt_status, tvb, offset, 4, 4126 ENC_LITTLE_ENDIAN); 4127 col_append_fstr(actx->pinfo->cinfo, COL_INFO, 4128 " NT Status: %s", 4129 val_to_str(nt_status, NT_errors, 4130 "Unknown error code %#x")); 4131 offset += 4; 4132 4133 proto_tree_add_item(tree, hf_krb_ext_error_reserved, tvb, offset, 4, 4134 ENC_LITTLE_ENDIAN); 4135 offset += 4; 4136 4137 proto_tree_add_item(tree, hf_krb_ext_error_flags, tvb, offset, 4, 4138 ENC_LITTLE_ENDIAN); 4139 offset += 4; 4140 4141 return offset; 4142 4143 no_error: 4144 proto_tree_add_item(tree, hf_krb_pw_salt, tvb, offset, length, ENC_NA); 4145 offset += length; 4146 4147 return offset; 4148 } 4149 4150 static int 4151 dissect_krb5_PAC_DREP(proto_tree *parent_tree, tvbuff_t *tvb, int offset, guint8 *drep) 4152 { 4153 proto_tree *tree; 4154 guint8 val; 4155 4156 tree = proto_tree_add_subtree(parent_tree, tvb, offset, 16, ett_krb_pac_drep, NULL, "DREP"); 4157 4158 val = tvb_get_guint8(tvb, offset); 4159 proto_tree_add_uint(tree, hf_dcerpc_drep_byteorder, tvb, offset, 1, val>>4); 4160 4161 offset++; 4162 4163 if (drep) { 4164 *drep = val; 4165 } 4166 4167 return offset; 4168 } 4169 4170 /* This might be some sort of header that MIDL generates when creating 4171 * marshalling/unmarshalling code for blobs that are not to be transported 4172 * ontop of DCERPC and where the DREP fields specifying things such as 4173 * endianess and similar are not available. 4174 */ 4175 static int 4176 dissect_krb5_PAC_NDRHEADERBLOB(proto_tree *parent_tree, tvbuff_t *tvb, int offset, guint8 *drep, asn1_ctx_t *actx _U_) 4177 { 4178 proto_tree *tree; 4179 4180 tree = proto_tree_add_subtree(parent_tree, tvb, offset, 16, ett_krb_pac_midl_blob, NULL, "MES header"); 4181 4182 /* modified DREP field that is used for stuff that is transporetd ontop 4183 of non dcerpc 4184 */ 4185 proto_tree_add_item(tree, hf_krb_midl_version, tvb, offset, 1, ENC_LITTLE_ENDIAN); 4186 offset++; 4187 4188 offset = dissect_krb5_PAC_DREP(tree, tvb, offset, drep); 4189 4190 4191 proto_tree_add_item(tree, hf_krb_midl_hdr_len, tvb, offset, 2, ENC_LITTLE_ENDIAN); 4192 offset+=2; 4193 4194 proto_tree_add_item(tree, hf_krb_midl_fill_bytes, tvb, offset, 4, ENC_LITTLE_ENDIAN); 4195 offset += 4; 4196 4197 /* length of blob that follows */ 4198 proto_tree_add_item(tree, hf_krb_midl_blob_len, tvb, offset, 8, ENC_LITTLE_ENDIAN); 4199 offset += 8; 4200 4201 return offset; 4202 } 4203 4204 static int 4205 dissect_krb5_PAC_LOGON_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) 4206 { 4207 proto_item *item; 4208 proto_tree *tree; 4209 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */ 4210 static dcerpc_info di; /* fake dcerpc_info struct */ 4211 static dcerpc_call_value call_data; 4212 4213 item = proto_tree_add_item(parent_tree, hf_krb_pac_logon_info, tvb, offset, -1, ENC_NA); 4214 tree = proto_item_add_subtree(item, ett_krb_pac_logon_info); 4215 4216 /* skip the first 16 bytes, they are some magic created by the idl 4217 * compiler the first 4 bytes might be flags? 4218 */ 4219 offset = dissect_krb5_PAC_NDRHEADERBLOB(tree, tvb, offset, &drep[0], actx); 4220 4221 /* the PAC_LOGON_INFO blob */ 4222 /* fake whatever state the dcerpc runtime support needs */ 4223 di.conformant_run=0; 4224 /* we need di->call_data->flags.NDR64 == 0 */ 4225 di.call_data=&call_data; 4226 init_ndr_pointer_list(&di); 4227 offset = dissect_ndr_pointer(tvb, offset, actx->pinfo, tree, &di, drep, 4228 netlogon_dissect_PAC_LOGON_INFO, NDR_POINTER_UNIQUE, 4229 "PAC_LOGON_INFO:", -1); 4230 4231 return offset; 4232 } 4233 4234 4235 static int 4236 dissect_krb5_PAC_CREDENTIAL_DATA(proto_tree *parent_tree, tvbuff_t *tvb, int offset, packet_info *pinfo _U_) 4237 { 4238 proto_tree_add_item(parent_tree, hf_krb_pac_credential_data, tvb, offset, -1, ENC_NA); 4239 4240 return offset; 4241 } 4242 4243 static int 4244 dissect_krb5_PAC_CREDENTIAL_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx) 4245 { 4246 proto_item *item; 4247 proto_tree *tree; 4248 guint8 *plaintext = NULL; 4249 int plainlen = 0; 4250 int length = 0; 4251 #define KRB5_KU_OTHER_ENCRYPTED 16 4252 #ifdef HAVE_KERBEROS 4253 guint32 etype; 4254 tvbuff_t *next_tvb; 4255 int usage = KRB5_KU_OTHER_ENCRYPTED; 4256 #endif 4257 4258 item = proto_tree_add_item(parent_tree, hf_krb_pac_credential_info, tvb, offset, -1, ENC_NA); 4259 tree = proto_item_add_subtree(item, ett_krb_pac_credential_info); 4260 4261 /* version */ 4262 proto_tree_add_item(tree, hf_krb_pac_credential_info_version, tvb, 4263 offset, 4, ENC_LITTLE_ENDIAN); 4264 offset+=4; 4265 4266 #ifdef HAVE_KERBEROS 4267 /* etype */ 4268 etype = tvb_get_letohl(tvb, offset); 4269 #endif 4270 proto_tree_add_item(tree, hf_krb_pac_credential_info_etype, tvb, 4271 offset, 4, ENC_LITTLE_ENDIAN); 4272 offset+=4; 4273 4274 #ifdef HAVE_KERBEROS 4275 /* data */ 4276 next_tvb=tvb_new_subset_remaining(tvb, offset); 4277 length=tvb_captured_length_remaining(tvb, offset); 4278 4279 plaintext=decrypt_krb5_data(tree, actx->pinfo, usage, next_tvb, (int)etype, &plainlen); 4280 #endif 4281 4282 if (plaintext != NULL) { 4283 tvbuff_t *child_tvb; 4284 child_tvb = tvb_new_child_real_data(tvb, plaintext, plainlen, plainlen); 4285 4286 /* Add the decrypted data to the data source list. */ 4287 add_new_data_source(actx->pinfo, child_tvb, "Krb5 PAC_CREDENTIAL"); 4288 4289 dissect_krb5_PAC_CREDENTIAL_DATA(tree, child_tvb, 0, actx->pinfo); 4290 } 4291 4292 return offset + length; 4293 } 4294 4295 static int 4296 dissect_krb5_PAC_S4U_DELEGATION_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx) 4297 { 4298 proto_item *item; 4299 proto_tree *tree; 4300 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */ 4301 static dcerpc_info di; /* fake dcerpc_info struct */ 4302 static dcerpc_call_value call_data; 4303 4304 item = proto_tree_add_item(parent_tree, hf_krb_pac_s4u_delegation_info, tvb, offset, -1, ENC_NA); 4305 tree = proto_item_add_subtree(item, ett_krb_pac_s4u_delegation_info); 4306 4307 /* skip the first 16 bytes, they are some magic created by the idl 4308 * compiler the first 4 bytes might be flags? 4309 */ 4310 offset = dissect_krb5_PAC_NDRHEADERBLOB(tree, tvb, offset, &drep[0], actx); 4311 4312 4313 /* the S4U_DELEGATION_INFO blob. See [MS-PAC] */ 4314 /* fake whatever state the dcerpc runtime support needs */ 4315 di.conformant_run=0; 4316 /* we need di->call_data->flags.NDR64 == 0 */ 4317 di.call_data=&call_data; 4318 init_ndr_pointer_list(&di); 4319 offset = dissect_ndr_pointer(tvb, offset, actx->pinfo, tree, &di, drep, 4320 netlogon_dissect_PAC_S4U_DELEGATION_INFO, NDR_POINTER_UNIQUE, 4321 "PAC_S4U_DELEGATION_INFO:", -1); 4322 4323 return offset; 4324 } 4325 4326 static int 4327 dissect_krb5_PAC_UPN_DNS_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) 4328 { 4329 proto_item *item; 4330 proto_tree *tree; 4331 guint16 dns_offset, dns_len; 4332 guint16 upn_offset, upn_len; 4333 4334 item = proto_tree_add_item(parent_tree, hf_krb_pac_upn_dns_info, tvb, offset, -1, ENC_NA); 4335 tree = proto_item_add_subtree(item, ett_krb_pac_upn_dns_info); 4336 4337 /* upn */ 4338 upn_len = tvb_get_letohs(tvb, offset); 4339 proto_tree_add_item(tree, hf_krb_pac_upn_upn_len, tvb, offset, 2, ENC_LITTLE_ENDIAN); 4340 offset+=2; 4341 upn_offset = tvb_get_letohs(tvb, offset); 4342 proto_tree_add_item(tree, hf_krb_pac_upn_upn_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN); 4343 offset+=2; 4344 4345 /* dns */ 4346 dns_len = tvb_get_letohs(tvb, offset); 4347 proto_tree_add_item(tree, hf_krb_pac_upn_dns_len, tvb, offset, 2, ENC_LITTLE_ENDIAN); 4348 offset+=2; 4349 dns_offset = tvb_get_letohs(tvb, offset); 4350 proto_tree_add_item(tree, hf_krb_pac_upn_dns_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN); 4351 offset+=2; 4352 4353 /* flags */ 4354 proto_tree_add_item(tree, hf_krb_pac_upn_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN); 4355 4356 /* upn */ 4357 proto_tree_add_item(tree, hf_krb_pac_upn_upn_name, tvb, upn_offset, upn_len, ENC_UTF_16|ENC_LITTLE_ENDIAN); 4358 4359 /* dns */ 4360 proto_tree_add_item(tree, hf_krb_pac_upn_dns_name, tvb, dns_offset, dns_len, ENC_UTF_16|ENC_LITTLE_ENDIAN); 4361 4362 return dns_offset; 4363 } 4364 4365 static int 4366 dissect_krb5_PAC_CLIENT_CLAIMS_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) 4367 { 4368 int length = tvb_captured_length_remaining(tvb, offset); 4369 4370 if (length == 0) { 4371 return offset; 4372 } 4373 4374 proto_tree_add_item(parent_tree, hf_krb_pac_client_claims_info, tvb, offset, -1, ENC_NA); 4375 4376 return offset; 4377 } 4378 4379 static int 4380 dissect_krb5_PAC_DEVICE_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) 4381 { 4382 proto_item *item; 4383 proto_tree *tree; 4384 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */ 4385 static dcerpc_info di; /* fake dcerpc_info struct */ 4386 static dcerpc_call_value call_data; 4387 4388 item = proto_tree_add_item(parent_tree, hf_krb_pac_device_info, tvb, offset, -1, ENC_NA); 4389 tree = proto_item_add_subtree(item, ett_krb_pac_device_info); 4390 4391 /* skip the first 16 bytes, they are some magic created by the idl 4392 * compiler the first 4 bytes might be flags? 4393 */ 4394 offset = dissect_krb5_PAC_NDRHEADERBLOB(tree, tvb, offset, &drep[0], actx); 4395 4396 /* the PAC_DEVICE_INFO blob */ 4397 /* fake whatever state the dcerpc runtime support needs */ 4398 di.conformant_run=0; 4399 /* we need di->call_data->flags.NDR64 == 0 */ 4400 di.call_data=&call_data; 4401 init_ndr_pointer_list(&di); 4402 offset = dissect_ndr_pointer(tvb, offset, actx->pinfo, tree, &di, drep, 4403 netlogon_dissect_PAC_DEVICE_INFO, NDR_POINTER_UNIQUE, 4404 "PAC_DEVICE_INFO:", -1); 4405 4406 return offset; 4407 } 4408 4409 static int 4410 dissect_krb5_PAC_DEVICE_CLAIMS_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) 4411 { 4412 int length = tvb_captured_length_remaining(tvb, offset); 4413 4414 if (length == 0) { 4415 return offset; 4416 } 4417 4418 proto_tree_add_item(parent_tree, hf_krb_pac_device_claims_info, tvb, offset, -1, ENC_NA); 4419 4420 return offset; 4421 } 4422 4423 static int 4424 dissect_krb5_PAC_SERVER_CHECKSUM(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) 4425 { 4426 proto_item *item; 4427 proto_tree *tree; 4428 4429 item = proto_tree_add_item(parent_tree, hf_krb_pac_server_checksum, tvb, offset, -1, ENC_NA); 4430 tree = proto_item_add_subtree(item, ett_krb_pac_server_checksum); 4431 4432 /* signature type */ 4433 proto_tree_add_item(tree, hf_krb_pac_signature_type, tvb, offset, 4, ENC_LITTLE_ENDIAN); 4434 offset+=4; 4435 4436 /* signature data */ 4437 proto_tree_add_item(tree, hf_krb_pac_signature_signature, tvb, offset, -1, ENC_NA); 4438 4439 return offset; 4440 } 4441 4442 static int 4443 dissect_krb5_PAC_PRIVSVR_CHECKSUM(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) 4444 { 4445 proto_item *item; 4446 proto_tree *tree; 4447 4448 item = proto_tree_add_item(parent_tree, hf_krb_pac_privsvr_checksum, tvb, offset, -1, ENC_NA); 4449 tree = proto_item_add_subtree(item, ett_krb_pac_privsvr_checksum); 4450 4451 /* signature type */ 4452 proto_tree_add_item(tree, hf_krb_pac_signature_type, tvb, offset, 4, ENC_LITTLE_ENDIAN); 4453 offset+=4; 4454 4455 /* signature data */ 4456 proto_tree_add_item(tree, hf_krb_pac_signature_signature, tvb, offset, -1, ENC_NA); 4457 4458 return offset; 4459 } 4460 4461 static int 4462 dissect_krb5_PAC_CLIENT_INFO_TYPE(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) 4463 { 4464 proto_item *item; 4465 proto_tree *tree; 4466 guint16 namelen; 4467 4468 item = proto_tree_add_item(parent_tree, hf_krb_pac_client_info_type, tvb, offset, -1, ENC_NA); 4469 tree = proto_item_add_subtree(item, ett_krb_pac_client_info_type); 4470 4471 /* clientid */ 4472 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_krb_pac_clientid); 4473 4474 /* name length */ 4475 namelen=tvb_get_letohs(tvb, offset); 4476 proto_tree_add_uint(tree, hf_krb_pac_namelen, tvb, offset, 2, namelen); 4477 offset+=2; 4478 4479 /* client name */ 4480 proto_tree_add_item(tree, hf_krb_pac_clientname, tvb, offset, namelen, ENC_UTF_16|ENC_LITTLE_ENDIAN); 4481 offset+=namelen; 4482 4483 return offset; 4484 } 4485 4486 static int 4487 dissect_krb5_PAC_TICKET_CHECKSUM(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) 4488 { 4489 proto_item *item; 4490 proto_tree *tree; 4491 4492 item = proto_tree_add_item(parent_tree, hf_krb_pac_ticket_checksum, tvb, offset, -1, ENC_NA); 4493 tree = proto_item_add_subtree(item, ett_krb_pac_ticket_checksum); 4494 4495 /* signature type */ 4496 proto_tree_add_item(tree, hf_krb_pac_signature_type, tvb, offset, 4, ENC_LITTLE_ENDIAN); 4497 offset+=4; 4498 4499 /* signature data */ 4500 proto_tree_add_item(tree, hf_krb_pac_signature_signature, tvb, offset, -1, ENC_NA); 4501 4502 return offset; 4503 } 4504 4505 static int 4506 dissect_krb5_AD_WIN2K_PAC_struct(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx) 4507 { 4508 guint32 pac_type; 4509 guint32 pac_size; 4510 guint32 pac_offset; 4511 proto_item *it=NULL; 4512 proto_tree *tr=NULL; 4513 tvbuff_t *next_tvb; 4514 4515 /* type of pac data */ 4516 pac_type=tvb_get_letohl(tvb, offset); 4517 it=proto_tree_add_uint(tree, hf_krb_w2k_pac_type, tvb, offset, 4, pac_type); 4518 tr=proto_item_add_subtree(it, ett_krb_pac); 4519 4520 offset += 4; 4521 4522 /* size of pac data */ 4523 pac_size=tvb_get_letohl(tvb, offset); 4524 proto_tree_add_uint(tr, hf_krb_w2k_pac_size, tvb, offset, 4, pac_size); 4525 offset += 4; 4526 4527 /* offset to pac data */ 4528 pac_offset=tvb_get_letohl(tvb, offset); 4529 proto_tree_add_uint(tr, hf_krb_w2k_pac_offset, tvb, offset, 4, pac_offset); 4530 offset += 8; 4531 4532 next_tvb=tvb_new_subset_length_caplen(tvb, pac_offset, pac_size, pac_size); 4533 switch(pac_type){ 4534 case PAC_LOGON_INFO: 4535 dissect_krb5_PAC_LOGON_INFO(tr, next_tvb, 0, actx); 4536 break; 4537 case PAC_CREDENTIAL_TYPE: 4538 dissect_krb5_PAC_CREDENTIAL_INFO(tr, next_tvb, 0, actx); 4539 break; 4540 case PAC_SERVER_CHECKSUM: 4541 dissect_krb5_PAC_SERVER_CHECKSUM(tr, next_tvb, 0, actx); 4542 break; 4543 case PAC_PRIVSVR_CHECKSUM: 4544 dissect_krb5_PAC_PRIVSVR_CHECKSUM(tr, next_tvb, 0, actx); 4545 break; 4546 case PAC_CLIENT_INFO_TYPE: 4547 dissect_krb5_PAC_CLIENT_INFO_TYPE(tr, next_tvb, 0, actx); 4548 break; 4549 case PAC_S4U_DELEGATION_INFO: 4550 dissect_krb5_PAC_S4U_DELEGATION_INFO(tr, next_tvb, 0, actx); 4551 break; 4552 case PAC_UPN_DNS_INFO: 4553 dissect_krb5_PAC_UPN_DNS_INFO(tr, next_tvb, 0, actx); 4554 break; 4555 case PAC_CLIENT_CLAIMS_INFO: 4556 dissect_krb5_PAC_CLIENT_CLAIMS_INFO(tr, next_tvb, 0, actx); 4557 break; 4558 case PAC_DEVICE_INFO: 4559 dissect_krb5_PAC_DEVICE_INFO(tr, next_tvb, 0, actx); 4560 break; 4561 case PAC_DEVICE_CLAIMS_INFO: 4562 dissect_krb5_PAC_DEVICE_CLAIMS_INFO(tr, next_tvb, 0, actx); 4563 break; 4564 case PAC_TICKET_CHECKSUM: 4565 dissect_krb5_PAC_TICKET_CHECKSUM(tr, next_tvb, 0, actx); 4566 break; 4567 4568 default: 4569 break; 4570 } 4571 return offset; 4572 } 4573 4574 static int 4575 dissect_krb5_AD_WIN2K_PAC(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index _U_) 4576 { 4577 guint32 entries; 4578 guint32 version; 4579 guint32 i; 4580 4581 #if defined(HAVE_MIT_KERBEROS) && defined(HAVE_KRB5_PAC_VERIFY) 4582 verify_krb5_pac(tree, actx, tvb); 4583 #endif 4584 4585 /* first in the PAC structure comes the number of entries */ 4586 entries=tvb_get_letohl(tvb, offset); 4587 proto_tree_add_uint(tree, hf_krb_w2k_pac_entries, tvb, offset, 4, entries); 4588 offset += 4; 4589 4590 /* second comes the version */ 4591 version=tvb_get_letohl(tvb, offset); 4592 proto_tree_add_uint(tree, hf_krb_w2k_pac_version, tvb, offset, 4, version); 4593 offset += 4; 4594 4595 for(i=0;i<entries;i++){ 4596 offset=dissect_krb5_AD_WIN2K_PAC_struct(tree, tvb, offset, actx); 4597 } 4598 4599 return offset; 4600 } 4601 4602 4603 /*--- Included file: packet-kerberos-fn.c ---*/ 4604 #line 1 "./asn1/kerberos/packet-kerberos-fn.c" 4605 4606 4607 static int 4608 dissect_kerberos_INTEGER_5(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 4609 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, 4610 NULL); 4611 4612 return offset; 4613 } 4614 4615 4616 4617 static int 4618 dissect_kerberos_KerberosString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 4619 offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_GeneralString, 4620 actx, tree, tvb, offset, hf_index, 4621 NULL); 4622 4623 return offset; 4624 } 4625 4626 4627 4628 static int 4629 dissect_kerberos_Realm(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 4630 offset = dissect_kerberos_KerberosString(implicit_tag, tvb, offset, actx, tree, hf_index); 4631 4632 return offset; 4633 } 4634 4635 4636 static const value_string kerberos_NAME_TYPE_vals[] = { 4637 { 0, "kRB5-NT-UNKNOWN" }, 4638 { 1, "kRB5-NT-PRINCIPAL" }, 4639 { 2, "kRB5-NT-SRV-INST" }, 4640 { 3, "kRB5-NT-SRV-HST" }, 4641 { 4, "kRB5-NT-SRV-XHST" }, 4642 { 5, "kRB5-NT-UID" }, 4643 { 6, "kRB5-NT-X500-PRINCIPAL" }, 4644 { 7, "kRB5-NT-SMTP-NAME" }, 4645 { 10, "kRB5-NT-ENTERPRISE-PRINCIPAL" }, 4646 { 11, "kRB5-NT-WELLKNOWN" }, 4647 { 12, "kRB5-NT-SRV-HST-DOMAIN" }, 4648 { -130, "kRB5-NT-ENT-PRINCIPAL-AND-ID" }, 4649 { -128, "kRB5-NT-MS-PRINCIPAL" }, 4650 { -129, "kRB5-NT-MS-PRINCIPAL-AND-ID" }, 4651 { -1200, "kRB5-NT-NTLM" }, 4652 { -1201, "kRB5-NT-X509-GENERAL-NAME" }, 4653 { -1202, "kRB5-NT-GSS-HOSTBASED-SERVICE" }, 4654 { -1203, "kRB5-NT-CACHE-UUID" }, 4655 { -195894762, "kRB5-NT-SRV-HST-NEEDS-CANON" }, 4656 { 0, NULL } 4657 }; 4658 4659 4660 static int 4661 dissect_kerberos_NAME_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 4662 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, 4663 NULL); 4664 4665 return offset; 4666 } 4667 4668 4669 4670 static int 4671 dissect_kerberos_SNameString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 4672 offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_GeneralString, 4673 actx, tree, tvb, offset, hf_index, 4674 NULL); 4675 4676 return offset; 4677 } 4678 4679 4680 static const ber_sequence_t SEQUENCE_OF_SNameString_sequence_of[1] = { 4681 { &hf_kerberos_sname_string_item, BER_CLASS_UNI, BER_UNI_TAG_GeneralString, BER_FLAGS_NOOWNTAG, dissect_kerberos_SNameString }, 4682 }; 4683 4684 static int 4685 dissect_kerberos_SEQUENCE_OF_SNameString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 4686 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, 4687 SEQUENCE_OF_SNameString_sequence_of, hf_index, ett_kerberos_SEQUENCE_OF_SNameString); 4688 4689 return offset; 4690 } 4691 4692 4693 static const ber_sequence_t SName_sequence[] = { 4694 { &hf_kerberos_name_type , BER_CLASS_CON, 0, 0, dissect_kerberos_NAME_TYPE }, 4695 { &hf_kerberos_sname_string, BER_CLASS_CON, 1, 0, dissect_kerberos_SEQUENCE_OF_SNameString }, 4696 { NULL, 0, 0, 0, NULL } 4697 }; 4698 4699 static int 4700 dissect_kerberos_SName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 4701 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 4702 SName_sequence, hf_index, ett_kerberos_SName); 4703 4704 return offset; 4705 } 4706 4707 4708 static const value_string kerberos_ENCTYPE_vals[] = { 4709 { 0, "eTYPE-NULL" }, 4710 { 1, "eTYPE-DES-CBC-CRC" }, 4711 { 2, "eTYPE-DES-CBC-MD4" }, 4712 { 3, "eTYPE-DES-CBC-MD5" }, 4713 { 5, "eTYPE-DES3-CBC-MD5" }, 4714 { 7, "eTYPE-OLD-DES3-CBC-SHA1" }, 4715 { 8, "eTYPE-SIGN-DSA-GENERATE" }, 4716 { 9, "eTYPE-DSA-SHA1" }, 4717 { 10, "eTYPE-RSA-MD5" }, 4718 { 11, "eTYPE-RSA-SHA1" }, 4719 { 12, "eTYPE-RC2-CBC" }, 4720 { 13, "eTYPE-RSA" }, 4721 { 14, "eTYPE-RSAES-OAEP" }, 4722 { 15, "eTYPE-DES-EDE3-CBC" }, 4723 { 16, "eTYPE-DES3-CBC-SHA1" }, 4724 { 17, "eTYPE-AES128-CTS-HMAC-SHA1-96" }, 4725 { 18, "eTYPE-AES256-CTS-HMAC-SHA1-96" }, 4726 { 19, "eTYPE-AES128-CTS-HMAC-SHA256-128" }, 4727 { 20, "eTYPE-AES256-CTS-HMAC-SHA384-192" }, 4728 { 23, "eTYPE-ARCFOUR-HMAC-MD5" }, 4729 { 24, "eTYPE-ARCFOUR-HMAC-MD5-56" }, 4730 { 25, "eTYPE-CAMELLIA128-CTS-CMAC" }, 4731 { 26, "eTYPE-CAMELLIA256-CTS-CMAC" }, 4732 { 48, "eTYPE-ENCTYPE-PK-CROSS" }, 4733 { -128, "eTYPE-ARCFOUR-MD4" }, 4734 { -133, "eTYPE-ARCFOUR-HMAC-OLD" }, 4735 { -135, "eTYPE-ARCFOUR-HMAC-OLD-EXP" }, 4736 { -4096, "eTYPE-DES-CBC-NONE" }, 4737 { -4097, "eTYPE-DES3-CBC-NONE" }, 4738 { -4098, "eTYPE-DES-CFB64-NONE" }, 4739 { -4099, "eTYPE-DES-PCBC-NONE" }, 4740 { -4100, "eTYPE-DIGEST-MD5-NONE" }, 4741 { -4101, "eTYPE-CRAM-MD5-NONE" }, 4742 { 0, NULL } 4743 }; 4744 4745 4746 static int 4747 dissect_kerberos_ENCTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 4748 #line 323 "./asn1/kerberos/kerberos.cnf" 4749 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 4750 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, 4751 &(private_data->etype)); 4752 4753 4754 4755 4756 return offset; 4757 } 4758 4759 4760 4761 static int 4762 dissect_kerberos_UInt32(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 4763 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, 4764 NULL); 4765 4766 return offset; 4767 } 4768 4769 4770 4771 static int 4772 dissect_kerberos_T_encryptedTicketData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 4773 #line 327 "./asn1/kerberos/kerberos.cnf" 4774 #ifdef HAVE_KERBEROS 4775 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_ticket_data); 4776 #else 4777 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, 4778 NULL); 4779 4780 #endif 4781 4782 4783 4784 return offset; 4785 } 4786 4787 4788 static const ber_sequence_t EncryptedTicketData_sequence[] = { 4789 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE }, 4790 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, 4791 { &hf_kerberos_encryptedTicketData_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedTicketData_cipher }, 4792 { NULL, 0, 0, 0, NULL } 4793 }; 4794 4795 static int 4796 dissect_kerberos_EncryptedTicketData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 4797 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 4798 EncryptedTicketData_sequence, hf_index, ett_kerberos_EncryptedTicketData); 4799 4800 return offset; 4801 } 4802 4803 4804 static const ber_sequence_t Ticket_U_sequence[] = { 4805 { &hf_kerberos_tkt_vno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 }, 4806 { &hf_kerberos_realm , BER_CLASS_CON, 1, 0, dissect_kerberos_Realm }, 4807 { &hf_kerberos_sname , BER_CLASS_CON, 2, 0, dissect_kerberos_SName }, 4808 { &hf_kerberos_ticket_enc_part, BER_CLASS_CON, 3, 0, dissect_kerberos_EncryptedTicketData }, 4809 { NULL, 0, 0, 0, NULL } 4810 }; 4811 4812 static int 4813 dissect_kerberos_Ticket_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 4814 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 4815 Ticket_U_sequence, hf_index, ett_kerberos_Ticket_U); 4816 4817 return offset; 4818 } 4819 4820 4821 4822 static int 4823 dissect_kerberos_Ticket(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 4824 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 4825 hf_index, BER_CLASS_APP, 1, FALSE, dissect_kerberos_Ticket_U); 4826 4827 return offset; 4828 } 4829 4830 4831 4832 static int 4833 dissect_kerberos_CNameString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 4834 offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_GeneralString, 4835 actx, tree, tvb, offset, hf_index, 4836 NULL); 4837 4838 return offset; 4839 } 4840 4841 4842 static const ber_sequence_t SEQUENCE_OF_CNameString_sequence_of[1] = { 4843 { &hf_kerberos_cname_string_item, BER_CLASS_UNI, BER_UNI_TAG_GeneralString, BER_FLAGS_NOOWNTAG, dissect_kerberos_CNameString }, 4844 }; 4845 4846 static int 4847 dissect_kerberos_SEQUENCE_OF_CNameString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 4848 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, 4849 SEQUENCE_OF_CNameString_sequence_of, hf_index, ett_kerberos_SEQUENCE_OF_CNameString); 4850 4851 return offset; 4852 } 4853 4854 4855 static const ber_sequence_t CName_sequence[] = { 4856 { &hf_kerberos_name_type , BER_CLASS_CON, 0, 0, dissect_kerberos_NAME_TYPE }, 4857 { &hf_kerberos_cname_string, BER_CLASS_CON, 1, 0, dissect_kerberos_SEQUENCE_OF_CNameString }, 4858 { NULL, 0, 0, 0, NULL } 4859 }; 4860 4861 static int 4862 dissect_kerberos_CName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 4863 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 4864 CName_sequence, hf_index, ett_kerberos_CName); 4865 4866 return offset; 4867 } 4868 4869 4870 static const value_string kerberos_CKSUMTYPE_vals[] = { 4871 { 0, "cKSUMTYPE-NONE" }, 4872 { 1, "cKSUMTYPE-CRC32" }, 4873 { 2, "cKSUMTYPE-RSA-MD4" }, 4874 { 3, "cKSUMTYPE-RSA-MD4-DES" }, 4875 { 4, "cKSUMTYPE-DES-MAC" }, 4876 { 5, "cKSUMTYPE-DES-MAC-K" }, 4877 { 6, "cKSUMTYPE-RSA-MD4-DES-K" }, 4878 { 7, "cKSUMTYPE-RSA-MD5" }, 4879 { 8, "cKSUMTYPE-RSA-MD5-DES" }, 4880 { 9, "cKSUMTYPE-RSA-MD5-DES3" }, 4881 { 10, "cKSUMTYPE-SHA1-OTHER" }, 4882 { 12, "cKSUMTYPE-HMAC-SHA1-DES3-KD" }, 4883 { 13, "cKSUMTYPE-HMAC-SHA1-DES3" }, 4884 { 14, "cKSUMTYPE-SHA1" }, 4885 { 15, "cKSUMTYPE-HMAC-SHA1-96-AES-128" }, 4886 { 16, "cKSUMTYPE-HMAC-SHA1-96-AES-256" }, 4887 { 17, "cKSUMTYPE-CMAC-CAMELLIA128" }, 4888 { 18, "cKSUMTYPE-CMAC-CAMELLIA256" }, 4889 { 19, "cKSUMTYPE-HMAC-SHA256-128-AES128" }, 4890 { 20, "cKSUMTYPE-HMAC-SHA384-192-AES256" }, 4891 { 32771, "cKSUMTYPE-GSSAPI" }, 4892 { -138, "cKSUMTYPE-HMAC-MD5" }, 4893 { -1138, "cKSUMTYPE-HMAC-MD5-ENC" }, 4894 { 0, NULL } 4895 }; 4896 4897 4898 static int 4899 dissect_kerberos_CKSUMTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 4900 #line 383 "./asn1/kerberos/kerberos.cnf" 4901 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 4902 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, 4903 &(private_data->checksum_type)); 4904 4905 4906 4907 4908 return offset; 4909 } 4910 4911 4912 4913 static int 4914 dissect_kerberos_T_checksum(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 4915 #line 387 "./asn1/kerberos/kerberos.cnf" 4916 tvbuff_t *next_tvb; 4917 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 4918 4919 switch(private_data->checksum_type){ 4920 case KRB5_CHKSUM_GSSAPI: 4921 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &next_tvb); 4922 dissect_krb5_rfc1964_checksum(actx, tree, next_tvb); 4923 break; 4924 default: 4925 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, NULL); 4926 break; 4927 } 4928 4929 4930 4931 return offset; 4932 } 4933 4934 4935 static const ber_sequence_t Checksum_sequence[] = { 4936 { &hf_kerberos_cksumtype , BER_CLASS_CON, 0, 0, dissect_kerberos_CKSUMTYPE }, 4937 { &hf_kerberos_checksum , BER_CLASS_CON, 1, 0, dissect_kerberos_T_checksum }, 4938 { NULL, 0, 0, 0, NULL } 4939 }; 4940 4941 static int 4942 dissect_kerberos_Checksum(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 4943 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 4944 Checksum_sequence, hf_index, ett_kerberos_Checksum); 4945 4946 return offset; 4947 } 4948 4949 4950 4951 static int 4952 dissect_kerberos_Microseconds(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 4953 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, 4954 NULL); 4955 4956 return offset; 4957 } 4958 4959 4960 4961 static int 4962 dissect_kerberos_KerberosTime(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 4963 offset = dissect_ber_GeneralizedTime(implicit_tag, actx, tree, tvb, offset, hf_index); 4964 4965 return offset; 4966 } 4967 4968 4969 4970 static int 4971 dissect_kerberos_Int32(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 4972 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, 4973 NULL); 4974 4975 return offset; 4976 } 4977 4978 4979 4980 static int 4981 dissect_kerberos_T_keytype(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 4982 #line 401 "./asn1/kerberos/kerberos.cnf" 4983 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 4984 4985 private_data->key_hidden_item = proto_tree_add_item(tree, hf_krb_key_hidden_item, 4986 tvb, 0, 0, ENC_NA); 4987 if (private_data->key_hidden_item != NULL) { 4988 proto_item_set_hidden(private_data->key_hidden_item); 4989 } 4990 4991 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, 4992 &gbl_keytype); 4993 private_data->key.keytype = gbl_keytype; 4994 4995 4996 4997 return offset; 4998 } 4999 5000 5001 5002 static int 5003 dissect_kerberos_T_keyvalue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5004 #line 414 "./asn1/kerberos/kerberos.cnf" 5005 tvbuff_t *out_tvb; 5006 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 5007 5008 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, 5009 &out_tvb); 5010 5011 5012 private_data->key.keylength = tvb_reported_length(out_tvb); 5013 private_data->key.keyvalue = tvb_get_ptr(out_tvb, 0, private_data->key.keylength); 5014 private_data->key_tree = tree; 5015 private_data->key_tvb = out_tvb; 5016 5017 5018 5019 return offset; 5020 } 5021 5022 5023 static const ber_sequence_t EncryptionKey_sequence[] = { 5024 { &hf_kerberos_keytype , BER_CLASS_CON, 0, 0, dissect_kerberos_T_keytype }, 5025 { &hf_kerberos_keyvalue , BER_CLASS_CON, 1, 0, dissect_kerberos_T_keyvalue }, 5026 { NULL, 0, 0, 0, NULL } 5027 }; 5028 5029 static int 5030 dissect_kerberos_EncryptionKey(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5031 #line 425 "./asn1/kerberos/kerberos.cnf" 5032 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 5033 #ifdef HAVE_KERBEROS 5034 int start_offset = offset; 5035 #endif 5036 5037 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 5038 EncryptionKey_sequence, hf_index, ett_kerberos_EncryptionKey); 5039 5040 5041 if (private_data->key.keytype != 0 && private_data->key.keylength > 0) { 5042 #ifdef HAVE_KERBEROS 5043 int length = offset - start_offset; 5044 private_data->last_added_key = NULL; 5045 private_data->save_encryption_key_fn(tvb, start_offset, length, actx, tree, 5046 private_data->save_encryption_key_parent_hf_index, 5047 hf_index); 5048 private_data->last_added_key = NULL; 5049 #endif 5050 } 5051 5052 5053 5054 return offset; 5055 } 5056 5057 5058 5059 static int 5060 dissect_kerberos_T_authenticator_subkey(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5061 #line 444 "./asn1/kerberos/kerberos.cnf" 5062 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 5063 gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index; 5064 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn; 5065 private_data->save_encryption_key_parent_hf_index = hf_kerberos_authenticator; 5066 #ifdef HAVE_KERBEROS 5067 private_data->save_encryption_key_fn = save_Authenticator_subkey; 5068 #endif 5069 offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index); 5070 5071 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index; 5072 private_data->save_encryption_key_fn = saved_encryption_key_fn; 5073 5074 5075 5076 return offset; 5077 } 5078 5079 5080 static const value_string kerberos_AUTHDATA_TYPE_vals[] = { 5081 { KERBEROS_AD_IF_RELEVANT, "aD-IF-RELEVANT" }, 5082 { KERBEROS_AD_INTENDED_FOR_SERVER, "aD-INTENDED-FOR-SERVER" }, 5083 { KERBEROS_AD_INTENDED_FOR_APPLICATION_CLASS, "aD-INTENDED-FOR-APPLICATION-CLASS" }, 5084 { KERBEROS_AD_KDC_ISSUED, "aD-KDC-ISSUED" }, 5085 { KERBEROS_AD_AND_OR, "aD-AND-OR" }, 5086 { KERBEROS_AD_MANDATORY_TICKET_EXTENSIONS, "aD-MANDATORY-TICKET-EXTENSIONS" }, 5087 { KERBEROS_AD_IN_TICKET_EXTENSIONS, "aD-IN-TICKET-EXTENSIONS" }, 5088 { KERBEROS_AD_MANDATORY_FOR_KDC, "aD-MANDATORY-FOR-KDC" }, 5089 { KERBEROS_AD_INITIAL_VERIFIED_CAS, "aD-INITIAL-VERIFIED-CAS" }, 5090 { KERBEROS_AD_OSF_DCE, "aD-OSF-DCE" }, 5091 { KERBEROS_AD_SESAME, "aD-SESAME" }, 5092 { KERBEROS_AD_OSF_DCE_PKI_CERTID, "aD-OSF-DCE-PKI-CERTID" }, 5093 { KERBEROS_AD_AUTHENTICATION_STRENGTH, "aD-authentication-strength" }, 5094 { KERBEROS_AD_FX_FAST_ARMOR, "aD-fx-fast-armor" }, 5095 { KERBEROS_AD_FX_FAST_USED, "aD-fx-fast-used" }, 5096 { KERBEROS_AD_WIN2K_PAC, "aD-WIN2K-PAC" }, 5097 { KERBEROS_AD_GSS_API_ETYPE_NEGOTIATION, "aD-GSS-API-ETYPE-NEGOTIATION" }, 5098 { KERBEROS_AD_TOKEN_RESTRICTIONS, "aD-TOKEN-RESTRICTIONS" }, 5099 { KERBEROS_AD_LOCAL, "aD-LOCAL" }, 5100 { KERBEROS_AD_AP_OPTIONS, "aD-AP-OPTIONS" }, 5101 { KERBEROS_AD_TARGET_PRINCIPAL, "aD-TARGET-PRINCIPAL" }, 5102 { KERBEROS_AD_SIGNTICKET_OLDER, "aD-SIGNTICKET-OLDER" }, 5103 { KERBEROS_AD_SIGNTICKET, "aD-SIGNTICKET" }, 5104 { 0, NULL } 5105 }; 5106 5107 5108 static int 5109 dissect_kerberos_AUTHDATA_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5110 #line 525 "./asn1/kerberos/kerberos.cnf" 5111 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 5112 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, 5113 &(private_data->ad_type)); 5114 5115 5116 5117 5118 return offset; 5119 } 5120 5121 5122 5123 static int 5124 dissect_kerberos_T_ad_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5125 #line 529 "./asn1/kerberos/kerberos.cnf" 5126 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 5127 5128 switch(private_data->ad_type){ 5129 case KERBEROS_AD_WIN2K_PAC: 5130 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_krb5_AD_WIN2K_PAC); 5131 break; 5132 case KERBEROS_AD_IF_RELEVANT: 5133 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_IF_RELEVANT); 5134 break; 5135 case KERBEROS_AD_AUTHENTICATION_STRENGTH: 5136 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_PA_AUTHENTICATION_SET_ELEM); 5137 break; 5138 case KERBEROS_AD_GSS_API_ETYPE_NEGOTIATION: 5139 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_SEQUENCE_OF_ENCTYPE); 5140 break; 5141 case KERBEROS_AD_TOKEN_RESTRICTIONS: 5142 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_KERB_AD_RESTRICTION_ENTRY); 5143 break; 5144 case KERBEROS_AD_AP_OPTIONS: 5145 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_AP_OPTIONS); 5146 break; 5147 case KERBEROS_AD_TARGET_PRINCIPAL: 5148 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_TARGET_PRINCIPAL); 5149 break; 5150 default: 5151 offset=dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, NULL); 5152 break; 5153 } 5154 5155 5156 5157 return offset; 5158 } 5159 5160 5161 static const ber_sequence_t AuthorizationData_item_sequence[] = { 5162 { &hf_kerberos_ad_type , BER_CLASS_CON, 0, 0, dissect_kerberos_AUTHDATA_TYPE }, 5163 { &hf_kerberos_ad_data , BER_CLASS_CON, 1, 0, dissect_kerberos_T_ad_data }, 5164 { NULL, 0, 0, 0, NULL } 5165 }; 5166 5167 static int 5168 dissect_kerberos_AuthorizationData_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5169 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 5170 AuthorizationData_item_sequence, hf_index, ett_kerberos_AuthorizationData_item); 5171 5172 return offset; 5173 } 5174 5175 5176 static const ber_sequence_t AuthorizationData_sequence_of[1] = { 5177 { &hf_kerberos_AuthorizationData_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_AuthorizationData_item }, 5178 }; 5179 5180 static int 5181 dissect_kerberos_AuthorizationData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5182 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, 5183 AuthorizationData_sequence_of, hf_index, ett_kerberos_AuthorizationData); 5184 5185 return offset; 5186 } 5187 5188 5189 static const ber_sequence_t Authenticator_U_sequence[] = { 5190 { &hf_kerberos_authenticator_vno, BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 }, 5191 { &hf_kerberos_crealm , BER_CLASS_CON, 1, 0, dissect_kerberos_Realm }, 5192 { &hf_kerberos_cname , BER_CLASS_CON, 2, 0, dissect_kerberos_CName }, 5193 { &hf_kerberos_cksum , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_Checksum }, 5194 { &hf_kerberos_cusec , BER_CLASS_CON, 4, 0, dissect_kerberos_Microseconds }, 5195 { &hf_kerberos_ctime , BER_CLASS_CON, 5, 0, dissect_kerberos_KerberosTime }, 5196 { &hf_kerberos_authenticator_subkey, BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL, dissect_kerberos_T_authenticator_subkey }, 5197 { &hf_kerberos_seq_number , BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, 5198 { &hf_kerberos_authorization_data, BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL, dissect_kerberos_AuthorizationData }, 5199 { NULL, 0, 0, 0, NULL } 5200 }; 5201 5202 static int 5203 dissect_kerberos_Authenticator_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5204 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 5205 Authenticator_U_sequence, hf_index, ett_kerberos_Authenticator_U); 5206 5207 return offset; 5208 } 5209 5210 5211 5212 static int 5213 dissect_kerberos_Authenticator(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5214 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 5215 hf_index, BER_CLASS_APP, 2, FALSE, dissect_kerberos_Authenticator_U); 5216 5217 return offset; 5218 } 5219 5220 5221 static int * const TicketFlags_bits[] = { 5222 &hf_kerberos_TicketFlags_reserved, 5223 &hf_kerberos_TicketFlags_forwardable, 5224 &hf_kerberos_TicketFlags_forwarded, 5225 &hf_kerberos_TicketFlags_proxiable, 5226 &hf_kerberos_TicketFlags_proxy, 5227 &hf_kerberos_TicketFlags_may_postdate, 5228 &hf_kerberos_TicketFlags_postdated, 5229 &hf_kerberos_TicketFlags_invalid, 5230 &hf_kerberos_TicketFlags_renewable, 5231 &hf_kerberos_TicketFlags_initial, 5232 &hf_kerberos_TicketFlags_pre_authent, 5233 &hf_kerberos_TicketFlags_hw_authent, 5234 &hf_kerberos_TicketFlags_transited_policy_checked, 5235 &hf_kerberos_TicketFlags_ok_as_delegate, 5236 &hf_kerberos_TicketFlags_unused, 5237 &hf_kerberos_TicketFlags_enc_pa_rep, 5238 &hf_kerberos_TicketFlags_anonymous, 5239 NULL 5240 }; 5241 5242 static int 5243 dissect_kerberos_TicketFlags(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5244 offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset, 5245 TicketFlags_bits, 17, hf_index, ett_kerberos_TicketFlags, 5246 NULL); 5247 5248 return offset; 5249 } 5250 5251 5252 5253 static int 5254 dissect_kerberos_T_encTicketPart_key(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5255 #line 489 "./asn1/kerberos/kerberos.cnf" 5256 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 5257 gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index; 5258 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn; 5259 private_data->save_encryption_key_parent_hf_index = hf_kerberos_encTicketPart; 5260 #ifdef HAVE_KERBEROS 5261 private_data->save_encryption_key_fn = save_EncTicketPart_key; 5262 #endif 5263 offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index); 5264 5265 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index; 5266 private_data->save_encryption_key_fn = saved_encryption_key_fn; 5267 5268 5269 5270 return offset; 5271 } 5272 5273 5274 5275 static int 5276 dissect_kerberos_OCTET_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5277 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, 5278 NULL); 5279 5280 return offset; 5281 } 5282 5283 5284 static const ber_sequence_t TransitedEncoding_sequence[] = { 5285 { &hf_kerberos_tr_type , BER_CLASS_CON, 0, 0, dissect_kerberos_Int32 }, 5286 { &hf_kerberos_contents , BER_CLASS_CON, 1, 0, dissect_kerberos_OCTET_STRING }, 5287 { NULL, 0, 0, 0, NULL } 5288 }; 5289 5290 static int 5291 dissect_kerberos_TransitedEncoding(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5292 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 5293 TransitedEncoding_sequence, hf_index, ett_kerberos_TransitedEncoding); 5294 5295 return offset; 5296 } 5297 5298 5299 static const value_string kerberos_ADDR_TYPE_vals[] = { 5300 { KERBEROS_ADDR_TYPE_IPV4, "iPv4" }, 5301 { KERBEROS_ADDR_TYPE_CHAOS, "cHAOS" }, 5302 { KERBEROS_ADDR_TYPE_XEROX, "xEROX" }, 5303 { KERBEROS_ADDR_TYPE_ISO, "iSO" }, 5304 { KERBEROS_ADDR_TYPE_DECNET, "dECNET" }, 5305 { KERBEROS_ADDR_TYPE_APPLETALK, "aPPLETALK" }, 5306 { KERBEROS_ADDR_TYPE_NETBIOS, "nETBIOS" }, 5307 { KERBEROS_ADDR_TYPE_IPV6, "iPv6" }, 5308 { 0, NULL } 5309 }; 5310 5311 5312 static int 5313 dissect_kerberos_ADDR_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5314 #line 562 "./asn1/kerberos/kerberos.cnf" 5315 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 5316 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, 5317 &(private_data->addr_type)); 5318 5319 5320 5321 5322 return offset; 5323 } 5324 5325 5326 5327 static int 5328 dissect_kerberos_T_address(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5329 #line 272 "./asn1/kerberos/kerberos.cnf" 5330 gint8 appclass; 5331 gboolean pc; 5332 gint32 tag; 5333 guint32 len; 5334 const char *address_str; 5335 proto_item *it=NULL; 5336 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 5337 5338 /* read header and len for the octet string */ 5339 offset=dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &appclass, &pc, &tag); 5340 offset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL); 5341 5342 switch(private_data->addr_type){ 5343 case KERBEROS_ADDR_TYPE_IPV4: 5344 it=proto_tree_add_item(tree, hf_krb_address_ip, tvb, offset, 4, ENC_BIG_ENDIAN); 5345 address_str = tvb_ip_to_str(actx->pinfo->pool, tvb, offset); 5346 break; 5347 case KERBEROS_ADDR_TYPE_NETBIOS: 5348 { 5349 char netbios_name[(NETBIOS_NAME_LEN - 1)*4 + 1]; 5350 int netbios_name_type; 5351 int netbios_name_len = (NETBIOS_NAME_LEN - 1)*4 + 1; 5352 5353 netbios_name_type = process_netbios_name(tvb_get_ptr(tvb, offset, 16), netbios_name, netbios_name_len); 5354 address_str = wmem_strdup_printf(actx->pinfo->pool, "%s<%02x>", netbios_name, netbios_name_type); 5355 it=proto_tree_add_string_format(tree, hf_krb_address_netbios, tvb, offset, 16, netbios_name, "NetBIOS Name: %s (%s)", address_str, netbios_name_type_descr(netbios_name_type)); 5356 } 5357 break; 5358 case KERBEROS_ADDR_TYPE_IPV6: 5359 it=proto_tree_add_item(tree, hf_krb_address_ipv6, tvb, offset, INET6_ADDRLEN, ENC_NA); 5360 address_str = tvb_ip6_to_str(actx->pinfo->pool, tvb, offset); 5361 break; 5362 default: 5363 proto_tree_add_expert(tree, actx->pinfo, &ei_kerberos_address, tvb, offset, len); 5364 address_str = NULL; 5365 break; 5366 } 5367 5368 /* push it up two levels in the decode pane */ 5369 if(it && address_str){ 5370 proto_item_append_text(proto_item_get_parent(it), " %s",address_str); 5371 proto_item_append_text(proto_item_get_parent_nth(it, 2), " %s",address_str); 5372 } 5373 5374 offset+=len; 5375 5376 5377 5378 5379 return offset; 5380 } 5381 5382 5383 static const ber_sequence_t HostAddress_sequence[] = { 5384 { &hf_kerberos_addr_type , BER_CLASS_CON, 0, 0, dissect_kerberos_ADDR_TYPE }, 5385 { &hf_kerberos_address , BER_CLASS_CON, 1, 0, dissect_kerberos_T_address }, 5386 { NULL, 0, 0, 0, NULL } 5387 }; 5388 5389 static int 5390 dissect_kerberos_HostAddress(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5391 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 5392 HostAddress_sequence, hf_index, ett_kerberos_HostAddress); 5393 5394 return offset; 5395 } 5396 5397 5398 static const ber_sequence_t HostAddresses_sequence_of[1] = { 5399 { &hf_kerberos_HostAddresses_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_HostAddress }, 5400 }; 5401 5402 static int 5403 dissect_kerberos_HostAddresses(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5404 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, 5405 HostAddresses_sequence_of, hf_index, ett_kerberos_HostAddresses); 5406 5407 return offset; 5408 } 5409 5410 5411 static const ber_sequence_t EncTicketPart_U_sequence[] = { 5412 { &hf_kerberos_flags , BER_CLASS_CON, 0, 0, dissect_kerberos_TicketFlags }, 5413 { &hf_kerberos_encTicketPart_key, BER_CLASS_CON, 1, 0, dissect_kerberos_T_encTicketPart_key }, 5414 { &hf_kerberos_crealm , BER_CLASS_CON, 2, 0, dissect_kerberos_Realm }, 5415 { &hf_kerberos_cname , BER_CLASS_CON, 3, 0, dissect_kerberos_CName }, 5416 { &hf_kerberos_transited , BER_CLASS_CON, 4, 0, dissect_kerberos_TransitedEncoding }, 5417 { &hf_kerberos_authtime , BER_CLASS_CON, 5, 0, dissect_kerberos_KerberosTime }, 5418 { &hf_kerberos_starttime , BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime }, 5419 { &hf_kerberos_endtime , BER_CLASS_CON, 7, 0, dissect_kerberos_KerberosTime }, 5420 { &hf_kerberos_renew_till , BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime }, 5421 { &hf_kerberos_caddr , BER_CLASS_CON, 9, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddresses }, 5422 { &hf_kerberos_authorization_data, BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL, dissect_kerberos_AuthorizationData }, 5423 { NULL, 0, 0, 0, NULL } 5424 }; 5425 5426 static int 5427 dissect_kerberos_EncTicketPart_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5428 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 5429 EncTicketPart_U_sequence, hf_index, ett_kerberos_EncTicketPart_U); 5430 5431 return offset; 5432 } 5433 5434 5435 5436 static int 5437 dissect_kerberos_EncTicketPart(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5438 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 5439 hf_index, BER_CLASS_APP, 3, FALSE, dissect_kerberos_EncTicketPart_U); 5440 5441 return offset; 5442 } 5443 5444 5445 static const value_string kerberos_MESSAGE_TYPE_vals[] = { 5446 { 10, "krb-as-req" }, 5447 { 11, "krb-as-rep" }, 5448 { 12, "krb-tgs-req" }, 5449 { 13, "krb-tgs-rep" }, 5450 { 14, "krb-ap-req" }, 5451 { 15, "krb-ap-rep" }, 5452 { 16, "krb-tgt-req" }, 5453 { 17, "krb-tgt-rep" }, 5454 { 20, "krb-safe" }, 5455 { 21, "krb-priv" }, 5456 { 22, "krb-cred" }, 5457 { 30, "krb-error" }, 5458 { 0, NULL } 5459 }; 5460 5461 5462 static int 5463 dissect_kerberos_MESSAGE_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5464 #line 100 "./asn1/kerberos/kerberos.cnf" 5465 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 5466 guint32 msgtype; 5467 5468 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, 5469 &msgtype); 5470 5471 5472 5473 5474 #line 106 "./asn1/kerberos/kerberos.cnf" 5475 if (gbl_do_col_info) { 5476 col_add_str(actx->pinfo->cinfo, COL_INFO, 5477 val_to_str(msgtype, krb5_msg_types, 5478 "Unknown msg type %#x")); 5479 } 5480 gbl_do_col_info=FALSE; 5481 5482 #if 0 5483 /* append the application type to the tree */ 5484 proto_item_append_text(tree, " %s", val_to_str(msgtype, krb5_msg_types, "Unknown:0x%x")); 5485 #endif 5486 if (private_data->msg_type == 0) { 5487 private_data->msg_type = msgtype; 5488 } 5489 5490 5491 return offset; 5492 } 5493 5494 5495 static const value_string kerberos_PADATA_TYPE_vals[] = { 5496 { KERBEROS_PA_NONE, "pA-NONE" }, 5497 { KERBEROS_PA_TGS_REQ, "pA-TGS-REQ" }, 5498 { KERBEROS_PA_ENC_TIMESTAMP, "pA-ENC-TIMESTAMP" }, 5499 { KERBEROS_PA_PW_SALT, "pA-PW-SALT" }, 5500 { KERBEROS_PA_ENC_UNIX_TIME, "pA-ENC-UNIX-TIME" }, 5501 { KERBEROS_PA_SANDIA_SECUREID, "pA-SANDIA-SECUREID" }, 5502 { KERBEROS_PA_SESAME, "pA-SESAME" }, 5503 { KERBEROS_PA_OSF_DCE, "pA-OSF-DCE" }, 5504 { KERBEROS_PA_CYBERSAFE_SECUREID, "pA-CYBERSAFE-SECUREID" }, 5505 { KERBEROS_PA_AFS3_SALT, "pA-AFS3-SALT" }, 5506 { KERBEROS_PA_ETYPE_INFO, "pA-ETYPE-INFO" }, 5507 { KERBEROS_PA_SAM_CHALLENGE, "pA-SAM-CHALLENGE" }, 5508 { KERBEROS_PA_SAM_RESPONSE, "pA-SAM-RESPONSE" }, 5509 { KERBEROS_PA_PK_AS_REQ_19, "pA-PK-AS-REQ-19" }, 5510 { KERBEROS_PA_PK_AS_REP_19, "pA-PK-AS-REP-19" }, 5511 { KERBEROS_PA_PK_AS_REQ, "pA-PK-AS-REQ" }, 5512 { KERBEROS_PA_PK_AS_REP, "pA-PK-AS-REP" }, 5513 { KERBEROS_PA_PK_OCSP_RESPONSE, "pA-PK-OCSP-RESPONSE" }, 5514 { KERBEROS_PA_ETYPE_INFO2, "pA-ETYPE-INFO2" }, 5515 { KERBEROS_PA_USE_SPECIFIED_KVNO, "pA-USE-SPECIFIED-KVNO" }, 5516 { KERBEROS_PA_SAM_REDIRECT, "pA-SAM-REDIRECT" }, 5517 { KERBEROS_PA_GET_FROM_TYPED_DATA, "pA-GET-FROM-TYPED-DATA" }, 5518 { KERBEROS_TD_PADATA, "tD-PADATA" }, 5519 { KERBEROS_PA_SAM_ETYPE_INFO, "pA-SAM-ETYPE-INFO" }, 5520 { KERBEROS_PA_ALT_PRINC, "pA-ALT-PRINC" }, 5521 { KERBEROS_PA_SERVER_REFERRAL, "pA-SERVER-REFERRAL" }, 5522 { KERBEROS_PA_SAM_CHALLENGE2, "pA-SAM-CHALLENGE2" }, 5523 { KERBEROS_PA_SAM_RESPONSE2, "pA-SAM-RESPONSE2" }, 5524 { KERBEROS_PA_EXTRA_TGT, "pA-EXTRA-TGT" }, 5525 { KERBEROS_TD_PKINIT_CMS_CERTIFICATES, "tD-PKINIT-CMS-CERTIFICATES" }, 5526 { KERBEROS_TD_KRB_PRINCIPAL, "tD-KRB-PRINCIPAL" }, 5527 { KERBEROS_TD_KRB_REALM, "tD-KRB-REALM" }, 5528 { KERBEROS_TD_TRUSTED_CERTIFIERS, "tD-TRUSTED-CERTIFIERS" }, 5529 { KERBEROS_TD_CERTIFICATE_INDEX, "tD-CERTIFICATE-INDEX" }, 5530 { KERBEROS_TD_APP_DEFINED_ERROR, "tD-APP-DEFINED-ERROR" }, 5531 { KERBEROS_TD_REQ_NONCE, "tD-REQ-NONCE" }, 5532 { KERBEROS_TD_REQ_SEQ, "tD-REQ-SEQ" }, 5533 { KERBEROS_TD_DH_PARAMETERS, "tD-DH-PARAMETERS" }, 5534 { KERBEROS_TD_CMS_DIGEST_ALGORITHMS, "tD-CMS-DIGEST-ALGORITHMS" }, 5535 { KERBEROS_TD_CERT_DIGEST_ALGORITHMS, "tD-CERT-DIGEST-ALGORITHMS" }, 5536 { KERBEROS_PA_PAC_REQUEST, "pA-PAC-REQUEST" }, 5537 { KERBEROS_PA_FOR_USER, "pA-FOR-USER" }, 5538 { KERBEROS_PA_FOR_X509_USER, "pA-FOR-X509-USER" }, 5539 { KERBEROS_PA_FOR_CHECK_DUPS, "pA-FOR-CHECK-DUPS" }, 5540 { KERBEROS_PA_PK_AS_09_BINDING, "pA-PK-AS-09-BINDING" }, 5541 { KERBEROS_PA_FX_COOKIE, "pA-FX-COOKIE" }, 5542 { KERBEROS_PA_AUTHENTICATION_SET, "pA-AUTHENTICATION-SET" }, 5543 { KERBEROS_PA_AUTH_SET_SELECTED, "pA-AUTH-SET-SELECTED" }, 5544 { KERBEROS_PA_FX_FAST, "pA-FX-FAST" }, 5545 { KERBEROS_PA_FX_ERROR, "pA-FX-ERROR" }, 5546 { KERBEROS_PA_ENCRYPTED_CHALLENGE, "pA-ENCRYPTED-CHALLENGE" }, 5547 { KERBEROS_PA_OTP_CHALLENGE, "pA-OTP-CHALLENGE" }, 5548 { KERBEROS_PA_OTP_REQUEST, "pA-OTP-REQUEST" }, 5549 { KERBEROS_PA_OTP_CONFIRM, "pA-OTP-CONFIRM" }, 5550 { KERBEROS_PA_OTP_PIN_CHANGE, "pA-OTP-PIN-CHANGE" }, 5551 { KERBEROS_PA_EPAK_AS_REQ, "pA-EPAK-AS-REQ" }, 5552 { KERBEROS_PA_EPAK_AS_REP, "pA-EPAK-AS-REP" }, 5553 { KERBEROS_PA_PKINIT_KX, "pA-PKINIT-KX" }, 5554 { KERBEROS_PA_PKU2U_NAME, "pA-PKU2U-NAME" }, 5555 { KERBEROS_PA_REQ_ENC_PA_REP, "pA-REQ-ENC-PA-REP" }, 5556 { KERBEROS_PA_SPAKE, "pA-SPAKE" }, 5557 { KERBEROS_PA_KERB_KEY_LIST_REQ, "pA-KERB-KEY-LIST-REQ" }, 5558 { KERBEROS_PA_KERB_KEY_LIST_REP, "pA-KERB-KEY-LIST-REP" }, 5559 { KERBEROS_PA_SUPPORTED_ETYPES, "pA-SUPPORTED-ETYPES" }, 5560 { KERBEROS_PA_EXTENDED_ERROR, "pA-EXTENDED-ERROR" }, 5561 { KERBEROS_PA_PAC_OPTIONS, "pA-PAC-OPTIONS" }, 5562 { KERBEROS_PA_PROV_SRV_LOCATION, "pA-PROV-SRV-LOCATION" }, 5563 { 0, NULL } 5564 }; 5565 5566 5567 static int 5568 dissect_kerberos_PADATA_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5569 #line 165 "./asn1/kerberos/kerberos.cnf" 5570 kerberos_private_data_t* private_data = kerberos_get_private_data(actx); 5571 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, 5572 &(private_data->padata_type)); 5573 5574 5575 5576 #line 168 "./asn1/kerberos/kerberos.cnf" 5577 if(tree){ 5578 proto_item_append_text(tree, " %s", 5579 val_to_str(private_data->padata_type, kerberos_PADATA_TYPE_vals, 5580 "Unknown:%d")); 5581 } 5582 5583 5584 return offset; 5585 } 5586 5587 5588 5589 static int 5590 dissect_kerberos_T_padata_value(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5591 #line 175 "./asn1/kerberos/kerberos.cnf" 5592 proto_tree *sub_tree=tree; 5593 kerberos_private_data_t* private_data = kerberos_get_private_data(actx); 5594 5595 if(actx->created_item){ 5596 sub_tree=proto_item_add_subtree(actx->created_item, ett_kerberos_PA_DATA); 5597 } 5598 5599 switch(private_data->padata_type){ 5600 case KERBEROS_PA_TGS_REQ: 5601 private_data->within_PA_TGS_REQ++; 5602 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Applications); 5603 private_data->within_PA_TGS_REQ--; 5604 break; 5605 case KERBEROS_PA_PK_AS_REP_19: 5606 private_data->is_win2k_pkinit = TRUE; 5607 if (kerberos_private_is_kdc_req(private_data)) { 5608 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PA_PK_AS_REQ_Win2k); 5609 } else { 5610 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PA_PK_AS_REP_Win2k); 5611 } 5612 break; 5613 case KERBEROS_PA_PK_AS_REQ: 5614 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PaPkAsReq); 5615 break; 5616 case KERBEROS_PA_PK_AS_REP: 5617 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PaPkAsRep); 5618 break; 5619 case KERBEROS_PA_PAC_REQUEST: 5620 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_PAC_REQUEST); 5621 break; 5622 case KERBEROS_PA_FOR_USER: /* S4U2SELF */ 5623 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_S4U2Self); 5624 break; 5625 case KERBEROS_PA_FOR_X509_USER: 5626 if(private_data->msg_type == KRB5_MSG_AS_REQ){ 5627 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_x509af_Certificate); 5628 }else if(private_data->is_enc_padata){ 5629 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, NULL); 5630 }else{ 5631 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_S4U_X509_USER); 5632 } 5633 break; 5634 case KERBEROS_PA_PROV_SRV_LOCATION: 5635 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_krb5_PA_PROV_SRV_LOCATION); 5636 break; 5637 case KERBEROS_PA_ENC_TIMESTAMP: 5638 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_ENC_TIMESTAMP); 5639 break; 5640 case KERBEROS_PA_ETYPE_INFO: 5641 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_ETYPE_INFO); 5642 break; 5643 case KERBEROS_PA_ETYPE_INFO2: 5644 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_ETYPE_INFO2); 5645 break; 5646 case KERBEROS_PA_PW_SALT: 5647 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_krb5_PW_SALT); 5648 break; 5649 case KERBEROS_PA_AUTH_SET_SELECTED: 5650 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_AUTHENTICATION_SET_ELEM); 5651 break; 5652 case KERBEROS_PA_FX_FAST: 5653 if (kerberos_private_is_kdc_req(private_data)) { 5654 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_FX_FAST_REQUEST); 5655 }else{ 5656 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_FX_FAST_REPLY); 5657 } 5658 break; 5659 case KERBEROS_PA_FX_ERROR: 5660 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Applications); 5661 break; 5662 case KERBEROS_PA_ENCRYPTED_CHALLENGE: 5663 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_EncryptedChallenge); 5664 break; 5665 case KERBEROS_PA_KERB_KEY_LIST_REQ: 5666 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset, hf_index, dissect_kerberos_PA_KERB_KEY_LIST_REQ); 5667 break; 5668 case KERBEROS_PA_KERB_KEY_LIST_REP: 5669 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset, hf_index, dissect_kerberos_PA_KERB_KEY_LIST_REP); 5670 break; 5671 case KERBEROS_PA_SUPPORTED_ETYPES: 5672 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_SUPPORTED_ENCTYPES); 5673 break; 5674 case KERBEROS_PA_PAC_OPTIONS: 5675 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset, hf_index, dissect_kerberos_PA_PAC_OPTIONS); 5676 break; 5677 case KERBEROS_PA_REQ_ENC_PA_REP: 5678 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Checksum); 5679 break; 5680 case KERBEROS_PA_SPAKE: 5681 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_SPAKE); 5682 break; 5683 default: 5684 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, NULL); 5685 break; 5686 } 5687 5688 5689 5690 return offset; 5691 } 5692 5693 5694 static const ber_sequence_t PA_DATA_sequence[] = { 5695 { &hf_kerberos_padata_type, BER_CLASS_CON, 1, 0, dissect_kerberos_PADATA_TYPE }, 5696 { &hf_kerberos_padata_value, BER_CLASS_CON, 2, 0, dissect_kerberos_T_padata_value }, 5697 { NULL, 0, 0, 0, NULL } 5698 }; 5699 5700 static int 5701 dissect_kerberos_PA_DATA(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5702 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 5703 PA_DATA_sequence, hf_index, ett_kerberos_PA_DATA); 5704 5705 return offset; 5706 } 5707 5708 5709 static const ber_sequence_t SEQUENCE_OF_PA_DATA_sequence_of[1] = { 5710 { &hf_kerberos_padata_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_PA_DATA }, 5711 }; 5712 5713 static int 5714 dissect_kerberos_SEQUENCE_OF_PA_DATA(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5715 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, 5716 SEQUENCE_OF_PA_DATA_sequence_of, hf_index, ett_kerberos_SEQUENCE_OF_PA_DATA); 5717 5718 return offset; 5719 } 5720 5721 5722 static int * const KDCOptions_bits[] = { 5723 &hf_kerberos_KDCOptions_reserved, 5724 &hf_kerberos_KDCOptions_forwardable, 5725 &hf_kerberos_KDCOptions_forwarded, 5726 &hf_kerberos_KDCOptions_proxiable, 5727 &hf_kerberos_KDCOptions_proxy, 5728 &hf_kerberos_KDCOptions_allow_postdate, 5729 &hf_kerberos_KDCOptions_postdated, 5730 &hf_kerberos_KDCOptions_unused7, 5731 &hf_kerberos_KDCOptions_renewable, 5732 &hf_kerberos_KDCOptions_unused9, 5733 &hf_kerberos_KDCOptions_unused10, 5734 &hf_kerberos_KDCOptions_opt_hardware_auth, 5735 &hf_kerberos_KDCOptions_unused12, 5736 &hf_kerberos_KDCOptions_unused13, 5737 &hf_kerberos_KDCOptions_constrained_delegation, 5738 &hf_kerberos_KDCOptions_canonicalize, 5739 &hf_kerberos_KDCOptions_request_anonymous, 5740 &hf_kerberos_KDCOptions_unused17, 5741 &hf_kerberos_KDCOptions_unused18, 5742 &hf_kerberos_KDCOptions_unused19, 5743 &hf_kerberos_KDCOptions_unused20, 5744 &hf_kerberos_KDCOptions_unused21, 5745 &hf_kerberos_KDCOptions_unused22, 5746 &hf_kerberos_KDCOptions_unused23, 5747 &hf_kerberos_KDCOptions_unused24, 5748 &hf_kerberos_KDCOptions_unused25, 5749 &hf_kerberos_KDCOptions_disable_transited_check, 5750 &hf_kerberos_KDCOptions_renewable_ok, 5751 &hf_kerberos_KDCOptions_enc_tkt_in_skey, 5752 &hf_kerberos_KDCOptions_unused29, 5753 &hf_kerberos_KDCOptions_renew, 5754 &hf_kerberos_KDCOptions_validate, 5755 NULL 5756 }; 5757 5758 static int 5759 dissect_kerberos_KDCOptions(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5760 offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset, 5761 KDCOptions_bits, 32, hf_index, ett_kerberos_KDCOptions, 5762 NULL); 5763 5764 return offset; 5765 } 5766 5767 5768 static const ber_sequence_t SEQUENCE_OF_ENCTYPE_sequence_of[1] = { 5769 { &hf_kerberos_kDC_REQ_BODY_etype_item, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_kerberos_ENCTYPE }, 5770 }; 5771 5772 static int 5773 dissect_kerberos_SEQUENCE_OF_ENCTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5774 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, 5775 SEQUENCE_OF_ENCTYPE_sequence_of, hf_index, ett_kerberos_SEQUENCE_OF_ENCTYPE); 5776 5777 return offset; 5778 } 5779 5780 5781 5782 static int 5783 dissect_kerberos_T_encryptedAuthorizationData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5784 #line 334 "./asn1/kerberos/kerberos.cnf" 5785 #ifdef HAVE_KERBEROS 5786 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_authorization_data); 5787 #else 5788 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, 5789 NULL); 5790 5791 #endif 5792 5793 5794 5795 return offset; 5796 } 5797 5798 5799 static const ber_sequence_t EncryptedAuthorizationData_sequence[] = { 5800 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE }, 5801 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, 5802 { &hf_kerberos_encryptedAuthorizationData_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedAuthorizationData_cipher }, 5803 { NULL, 0, 0, 0, NULL } 5804 }; 5805 5806 static int 5807 dissect_kerberos_EncryptedAuthorizationData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5808 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 5809 EncryptedAuthorizationData_sequence, hf_index, ett_kerberos_EncryptedAuthorizationData); 5810 5811 return offset; 5812 } 5813 5814 5815 static const ber_sequence_t SEQUENCE_OF_Ticket_sequence_of[1] = { 5816 { &hf_kerberos_additional_tickets_item, BER_CLASS_APP, 1, BER_FLAGS_NOOWNTAG, dissect_kerberos_Ticket }, 5817 }; 5818 5819 static int 5820 dissect_kerberos_SEQUENCE_OF_Ticket(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5821 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, 5822 SEQUENCE_OF_Ticket_sequence_of, hf_index, ett_kerberos_SEQUENCE_OF_Ticket); 5823 5824 return offset; 5825 } 5826 5827 5828 static const ber_sequence_t KDC_REQ_BODY_sequence[] = { 5829 { &hf_kerberos_kdc_options, BER_CLASS_CON, 0, 0, dissect_kerberos_KDCOptions }, 5830 { &hf_kerberos_cname , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_CName }, 5831 { &hf_kerberos_realm , BER_CLASS_CON, 2, 0, dissect_kerberos_Realm }, 5832 { &hf_kerberos_sname , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_SName }, 5833 { &hf_kerberos_from , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime }, 5834 { &hf_kerberos_till , BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime }, 5835 { &hf_kerberos_rtime , BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime }, 5836 { &hf_kerberos_nonce , BER_CLASS_CON, 7, 0, dissect_kerberos_UInt32 }, 5837 { &hf_kerberos_kDC_REQ_BODY_etype, BER_CLASS_CON, 8, 0, dissect_kerberos_SEQUENCE_OF_ENCTYPE }, 5838 { &hf_kerberos_addresses , BER_CLASS_CON, 9, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddresses }, 5839 { &hf_kerberos_enc_authorization_data, BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL, dissect_kerberos_EncryptedAuthorizationData }, 5840 { &hf_kerberos_additional_tickets, BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL, dissect_kerberos_SEQUENCE_OF_Ticket }, 5841 { NULL, 0, 0, 0, NULL } 5842 }; 5843 5844 static int 5845 dissect_kerberos_KDC_REQ_BODY(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5846 #line 566 "./asn1/kerberos/kerberos.cnf" 5847 conversation_t *conversation; 5848 5849 /* 5850 * UDP replies to KDC_REQs are sent from the server back to the client's 5851 * source port, similar to the way TFTP works. Set up a conversation 5852 * accordingly. 5853 * 5854 * Ref: Section 7.2.1 of 5855 * http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-clarifications-07.txt 5856 */ 5857 if (actx->pinfo->destport == UDP_PORT_KERBEROS && actx->pinfo->ptype == PT_UDP) { 5858 conversation = find_conversation(actx->pinfo->num, &actx->pinfo->src, &actx->pinfo->dst, ENDPOINT_UDP, 5859 actx->pinfo->srcport, 0, NO_PORT_B); 5860 if (conversation == NULL) { 5861 conversation = conversation_new(actx->pinfo->num, &actx->pinfo->src, &actx->pinfo->dst, ENDPOINT_UDP, 5862 actx->pinfo->srcport, 0, NO_PORT2); 5863 conversation_set_dissector(conversation, kerberos_handle_udp); 5864 } 5865 } 5866 5867 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 5868 KDC_REQ_BODY_sequence, hf_index, ett_kerberos_KDC_REQ_BODY); 5869 5870 5871 5872 5873 return offset; 5874 } 5875 5876 5877 static const ber_sequence_t KDC_REQ_sequence[] = { 5878 { &hf_kerberos_pvno , BER_CLASS_CON, 1, 0, dissect_kerberos_INTEGER_5 }, 5879 { &hf_kerberos_msg_type , BER_CLASS_CON, 2, 0, dissect_kerberos_MESSAGE_TYPE }, 5880 { &hf_kerberos_padata , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_SEQUENCE_OF_PA_DATA }, 5881 { &hf_kerberos_req_body , BER_CLASS_CON, 4, 0, dissect_kerberos_KDC_REQ_BODY }, 5882 { NULL, 0, 0, 0, NULL } 5883 }; 5884 5885 static int 5886 dissect_kerberos_KDC_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5887 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 5888 KDC_REQ_sequence, hf_index, ett_kerberos_KDC_REQ); 5889 5890 return offset; 5891 } 5892 5893 5894 5895 static int 5896 dissect_kerberos_AS_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5897 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 5898 hf_index, BER_CLASS_APP, 10, FALSE, dissect_kerberos_KDC_REQ); 5899 5900 return offset; 5901 } 5902 5903 5904 5905 static int 5906 dissect_kerberos_T_encryptedKDCREPData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5907 #line 348 "./asn1/kerberos/kerberos.cnf" 5908 #ifdef HAVE_KERBEROS 5909 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KDC_REP_data); 5910 #else 5911 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, 5912 NULL); 5913 5914 #endif 5915 5916 5917 5918 return offset; 5919 } 5920 5921 5922 static const ber_sequence_t EncryptedKDCREPData_sequence[] = { 5923 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE }, 5924 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, 5925 { &hf_kerberos_encryptedKDCREPData_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedKDCREPData_cipher }, 5926 { NULL, 0, 0, 0, NULL } 5927 }; 5928 5929 static int 5930 dissect_kerberos_EncryptedKDCREPData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5931 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 5932 EncryptedKDCREPData_sequence, hf_index, ett_kerberos_EncryptedKDCREPData); 5933 5934 return offset; 5935 } 5936 5937 5938 static const ber_sequence_t KDC_REP_sequence[] = { 5939 { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 }, 5940 { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE }, 5941 { &hf_kerberos_padata , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_SEQUENCE_OF_PA_DATA }, 5942 { &hf_kerberos_crealm , BER_CLASS_CON, 3, 0, dissect_kerberos_Realm }, 5943 { &hf_kerberos_cname , BER_CLASS_CON, 4, 0, dissect_kerberos_CName }, 5944 { &hf_kerberos_ticket , BER_CLASS_CON, 5, 0, dissect_kerberos_Ticket }, 5945 { &hf_kerberos_kDC_REP_enc_part, BER_CLASS_CON, 6, 0, dissect_kerberos_EncryptedKDCREPData }, 5946 { NULL, 0, 0, 0, NULL } 5947 }; 5948 5949 static int 5950 dissect_kerberos_KDC_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5951 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 5952 KDC_REP_sequence, hf_index, ett_kerberos_KDC_REP); 5953 5954 return offset; 5955 } 5956 5957 5958 5959 static int 5960 dissect_kerberos_AS_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5961 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 5962 hf_index, BER_CLASS_APP, 11, FALSE, dissect_kerberos_KDC_REP); 5963 5964 return offset; 5965 } 5966 5967 5968 5969 static int 5970 dissect_kerberos_TGS_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5971 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 5972 hf_index, BER_CLASS_APP, 12, FALSE, dissect_kerberos_KDC_REQ); 5973 5974 return offset; 5975 } 5976 5977 5978 5979 static int 5980 dissect_kerberos_TGS_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5981 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 5982 hf_index, BER_CLASS_APP, 13, FALSE, dissect_kerberos_KDC_REP); 5983 5984 return offset; 5985 } 5986 5987 5988 static int * const APOptions_bits[] = { 5989 &hf_kerberos_APOptions_reserved, 5990 &hf_kerberos_APOptions_use_session_key, 5991 &hf_kerberos_APOptions_mutual_required, 5992 NULL 5993 }; 5994 5995 static int 5996 dissect_kerberos_APOptions(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 5997 offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset, 5998 APOptions_bits, 3, hf_index, ett_kerberos_APOptions, 5999 NULL); 6000 6001 return offset; 6002 } 6003 6004 6005 6006 static int 6007 dissect_kerberos_T_encryptedAuthenticator_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6008 #line 341 "./asn1/kerberos/kerberos.cnf" 6009 #ifdef HAVE_KERBEROS 6010 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_authenticator_data); 6011 #else 6012 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, 6013 NULL); 6014 6015 #endif 6016 6017 6018 6019 return offset; 6020 } 6021 6022 6023 static const ber_sequence_t EncryptedAuthenticator_sequence[] = { 6024 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE }, 6025 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, 6026 { &hf_kerberos_encryptedAuthenticator_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedAuthenticator_cipher }, 6027 { NULL, 0, 0, 0, NULL } 6028 }; 6029 6030 static int 6031 dissect_kerberos_EncryptedAuthenticator(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6032 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 6033 EncryptedAuthenticator_sequence, hf_index, ett_kerberos_EncryptedAuthenticator); 6034 6035 return offset; 6036 } 6037 6038 6039 static const ber_sequence_t AP_REQ_U_sequence[] = { 6040 { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 }, 6041 { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE }, 6042 { &hf_kerberos_ap_options , BER_CLASS_CON, 2, 0, dissect_kerberos_APOptions }, 6043 { &hf_kerberos_ticket , BER_CLASS_CON, 3, 0, dissect_kerberos_Ticket }, 6044 { &hf_kerberos_authenticator_enc_part, BER_CLASS_CON, 4, 0, dissect_kerberos_EncryptedAuthenticator }, 6045 { NULL, 0, 0, 0, NULL } 6046 }; 6047 6048 static int 6049 dissect_kerberos_AP_REQ_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6050 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 6051 AP_REQ_U_sequence, hf_index, ett_kerberos_AP_REQ_U); 6052 6053 return offset; 6054 } 6055 6056 6057 6058 static int 6059 dissect_kerberos_AP_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6060 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 6061 hf_index, BER_CLASS_APP, 14, FALSE, dissect_kerberos_AP_REQ_U); 6062 6063 return offset; 6064 } 6065 6066 6067 6068 static int 6069 dissect_kerberos_T_encryptedAPREPData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6070 #line 362 "./asn1/kerberos/kerberos.cnf" 6071 #ifdef HAVE_KERBEROS 6072 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_AP_REP_data); 6073 #else 6074 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, 6075 NULL); 6076 6077 #endif 6078 6079 6080 6081 return offset; 6082 } 6083 6084 6085 static const ber_sequence_t EncryptedAPREPData_sequence[] = { 6086 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE }, 6087 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, 6088 { &hf_kerberos_encryptedAPREPData_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedAPREPData_cipher }, 6089 { NULL, 0, 0, 0, NULL } 6090 }; 6091 6092 static int 6093 dissect_kerberos_EncryptedAPREPData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6094 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 6095 EncryptedAPREPData_sequence, hf_index, ett_kerberos_EncryptedAPREPData); 6096 6097 return offset; 6098 } 6099 6100 6101 static const ber_sequence_t AP_REP_U_sequence[] = { 6102 { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 }, 6103 { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE }, 6104 { &hf_kerberos_aP_REP_enc_part, BER_CLASS_CON, 2, 0, dissect_kerberos_EncryptedAPREPData }, 6105 { NULL, 0, 0, 0, NULL } 6106 }; 6107 6108 static int 6109 dissect_kerberos_AP_REP_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6110 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 6111 AP_REP_U_sequence, hf_index, ett_kerberos_AP_REP_U); 6112 6113 return offset; 6114 } 6115 6116 6117 6118 static int 6119 dissect_kerberos_AP_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6120 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 6121 hf_index, BER_CLASS_APP, 15, FALSE, dissect_kerberos_AP_REP_U); 6122 6123 return offset; 6124 } 6125 6126 6127 6128 static int 6129 dissect_kerberos_T_kRB_SAFE_BODY_user_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6130 #line 589 "./asn1/kerberos/kerberos.cnf" 6131 kerberos_private_data_t* private_data = kerberos_get_private_data(actx); 6132 tvbuff_t *new_tvb; 6133 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb); 6134 if (new_tvb) { 6135 call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_SAFE_USER_DATA, private_data->callbacks); 6136 } 6137 6138 6139 6140 return offset; 6141 } 6142 6143 6144 static const ber_sequence_t KRB_SAFE_BODY_sequence[] = { 6145 { &hf_kerberos_kRB_SAFE_BODY_user_data, BER_CLASS_CON, 0, 0, dissect_kerberos_T_kRB_SAFE_BODY_user_data }, 6146 { &hf_kerberos_timestamp , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime }, 6147 { &hf_kerberos_usec , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_Microseconds }, 6148 { &hf_kerberos_seq_number , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, 6149 { &hf_kerberos_s_address , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddress }, 6150 { &hf_kerberos_r_address , BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddress }, 6151 { NULL, 0, 0, 0, NULL } 6152 }; 6153 6154 static int 6155 dissect_kerberos_KRB_SAFE_BODY(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6156 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 6157 KRB_SAFE_BODY_sequence, hf_index, ett_kerberos_KRB_SAFE_BODY); 6158 6159 return offset; 6160 } 6161 6162 6163 static const ber_sequence_t KRB_SAFE_U_sequence[] = { 6164 { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 }, 6165 { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE }, 6166 { &hf_kerberos_safe_body , BER_CLASS_CON, 2, 0, dissect_kerberos_KRB_SAFE_BODY }, 6167 { &hf_kerberos_cksum , BER_CLASS_CON, 3, 0, dissect_kerberos_Checksum }, 6168 { NULL, 0, 0, 0, NULL } 6169 }; 6170 6171 static int 6172 dissect_kerberos_KRB_SAFE_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6173 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 6174 KRB_SAFE_U_sequence, hf_index, ett_kerberos_KRB_SAFE_U); 6175 6176 return offset; 6177 } 6178 6179 6180 6181 static int 6182 dissect_kerberos_KRB_SAFE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6183 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 6184 hf_index, BER_CLASS_APP, 20, FALSE, dissect_kerberos_KRB_SAFE_U); 6185 6186 return offset; 6187 } 6188 6189 6190 6191 static int 6192 dissect_kerberos_T_encryptedKrbPrivData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6193 #line 369 "./asn1/kerberos/kerberos.cnf" 6194 #ifdef HAVE_KERBEROS 6195 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PRIV_data); 6196 #else 6197 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, 6198 NULL); 6199 6200 #endif 6201 6202 6203 6204 return offset; 6205 } 6206 6207 6208 static const ber_sequence_t EncryptedKrbPrivData_sequence[] = { 6209 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE }, 6210 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, 6211 { &hf_kerberos_encryptedKrbPrivData_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedKrbPrivData_cipher }, 6212 { NULL, 0, 0, 0, NULL } 6213 }; 6214 6215 static int 6216 dissect_kerberos_EncryptedKrbPrivData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6217 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 6218 EncryptedKrbPrivData_sequence, hf_index, ett_kerberos_EncryptedKrbPrivData); 6219 6220 return offset; 6221 } 6222 6223 6224 static const ber_sequence_t KRB_PRIV_U_sequence[] = { 6225 { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 }, 6226 { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE }, 6227 { &hf_kerberos_kRB_PRIV_enc_part, BER_CLASS_CON, 3, 0, dissect_kerberos_EncryptedKrbPrivData }, 6228 { NULL, 0, 0, 0, NULL } 6229 }; 6230 6231 static int 6232 dissect_kerberos_KRB_PRIV_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6233 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 6234 KRB_PRIV_U_sequence, hf_index, ett_kerberos_KRB_PRIV_U); 6235 6236 return offset; 6237 } 6238 6239 6240 6241 static int 6242 dissect_kerberos_KRB_PRIV(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6243 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 6244 hf_index, BER_CLASS_APP, 21, FALSE, dissect_kerberos_KRB_PRIV_U); 6245 6246 return offset; 6247 } 6248 6249 6250 6251 static int 6252 dissect_kerberos_T_encryptedKrbCredData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6253 #line 376 "./asn1/kerberos/kerberos.cnf" 6254 #ifdef HAVE_KERBEROS 6255 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_CRED_data); 6256 #else 6257 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, 6258 NULL); 6259 6260 #endif 6261 6262 6263 6264 return offset; 6265 } 6266 6267 6268 static const ber_sequence_t EncryptedKrbCredData_sequence[] = { 6269 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE }, 6270 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, 6271 { &hf_kerberos_encryptedKrbCredData_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedKrbCredData_cipher }, 6272 { NULL, 0, 0, 0, NULL } 6273 }; 6274 6275 static int 6276 dissect_kerberos_EncryptedKrbCredData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6277 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 6278 EncryptedKrbCredData_sequence, hf_index, ett_kerberos_EncryptedKrbCredData); 6279 6280 return offset; 6281 } 6282 6283 6284 static const ber_sequence_t KRB_CRED_U_sequence[] = { 6285 { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 }, 6286 { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE }, 6287 { &hf_kerberos_tickets , BER_CLASS_CON, 2, 0, dissect_kerberos_SEQUENCE_OF_Ticket }, 6288 { &hf_kerberos_kRB_CRED_enc_part, BER_CLASS_CON, 3, 0, dissect_kerberos_EncryptedKrbCredData }, 6289 { NULL, 0, 0, 0, NULL } 6290 }; 6291 6292 static int 6293 dissect_kerberos_KRB_CRED_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6294 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 6295 KRB_CRED_U_sequence, hf_index, ett_kerberos_KRB_CRED_U); 6296 6297 return offset; 6298 } 6299 6300 6301 6302 static int 6303 dissect_kerberos_KRB_CRED(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6304 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 6305 hf_index, BER_CLASS_APP, 22, FALSE, dissect_kerberos_KRB_CRED_U); 6306 6307 return offset; 6308 } 6309 6310 6311 6312 static int 6313 dissect_kerberos_T_encKDCRepPart_key(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6314 #line 468 "./asn1/kerberos/kerberos.cnf" 6315 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 6316 gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index; 6317 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn; 6318 switch (private_data->msg_type) { 6319 case KERBEROS_APPLICATIONS_AS_REP: 6320 private_data->save_encryption_key_parent_hf_index = hf_kerberos_encASRepPart; 6321 break; 6322 case KERBEROS_APPLICATIONS_TGS_REP: 6323 private_data->save_encryption_key_parent_hf_index = hf_kerberos_encTGSRepPart; 6324 break; 6325 default: 6326 private_data->save_encryption_key_parent_hf_index = -1; 6327 } 6328 #ifdef HAVE_KERBEROS 6329 private_data->save_encryption_key_fn = save_EncKDCRepPart_key; 6330 #endif 6331 offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index); 6332 6333 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index; 6334 private_data->save_encryption_key_fn = saved_encryption_key_fn; 6335 6336 6337 6338 return offset; 6339 } 6340 6341 6342 static const value_string kerberos_LR_TYPE_vals[] = { 6343 { 0, "lR-NONE" }, 6344 { 1, "lR-INITIAL-TGT" }, 6345 { 2, "lR-INITIAL" }, 6346 { 3, "lR-ISSUE-USE-TGT" }, 6347 { 4, "lR-RENEWAL" }, 6348 { 5, "lR-REQUEST" }, 6349 { 6, "lR-PW-EXPTIME" }, 6350 { 7, "lR-ACCT-EXPTIME" }, 6351 { 0, NULL } 6352 }; 6353 6354 6355 static int 6356 dissect_kerberos_LR_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6357 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, 6358 NULL); 6359 6360 return offset; 6361 } 6362 6363 6364 static const ber_sequence_t LastReq_item_sequence[] = { 6365 { &hf_kerberos_lr_type , BER_CLASS_CON, 0, 0, dissect_kerberos_LR_TYPE }, 6366 { &hf_kerberos_lr_value , BER_CLASS_CON, 1, 0, dissect_kerberos_KerberosTime }, 6367 { NULL, 0, 0, 0, NULL } 6368 }; 6369 6370 static int 6371 dissect_kerberos_LastReq_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6372 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 6373 LastReq_item_sequence, hf_index, ett_kerberos_LastReq_item); 6374 6375 return offset; 6376 } 6377 6378 6379 static const ber_sequence_t LastReq_sequence_of[1] = { 6380 { &hf_kerberos_LastReq_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_LastReq_item }, 6381 }; 6382 6383 static int 6384 dissect_kerberos_LastReq(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6385 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, 6386 LastReq_sequence_of, hf_index, ett_kerberos_LastReq); 6387 6388 return offset; 6389 } 6390 6391 6392 static const ber_sequence_t METHOD_DATA_sequence_of[1] = { 6393 { &hf_kerberos_METHOD_DATA_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_PA_DATA }, 6394 }; 6395 6396 static int 6397 dissect_kerberos_METHOD_DATA(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6398 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, 6399 METHOD_DATA_sequence_of, hf_index, ett_kerberos_METHOD_DATA); 6400 6401 return offset; 6402 } 6403 6404 6405 6406 static int 6407 dissect_kerberos_T_encrypted_pa_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6408 #line 605 "./asn1/kerberos/kerberos.cnf" 6409 kerberos_private_data_t* private_data = kerberos_get_private_data(actx); 6410 private_data->is_enc_padata = TRUE; 6411 6412 6413 offset = dissect_kerberos_METHOD_DATA(implicit_tag, tvb, offset, actx, tree, hf_index); 6414 6415 #line 609 "./asn1/kerberos/kerberos.cnf" 6416 private_data->is_enc_padata = FALSE; 6417 6418 6419 return offset; 6420 } 6421 6422 6423 static const ber_sequence_t EncKDCRepPart_sequence[] = { 6424 { &hf_kerberos_encKDCRepPart_key, BER_CLASS_CON, 0, 0, dissect_kerberos_T_encKDCRepPart_key }, 6425 { &hf_kerberos_last_req , BER_CLASS_CON, 1, 0, dissect_kerberos_LastReq }, 6426 { &hf_kerberos_nonce , BER_CLASS_CON, 2, 0, dissect_kerberos_UInt32 }, 6427 { &hf_kerberos_key_expiration, BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime }, 6428 { &hf_kerberos_flags , BER_CLASS_CON, 4, 0, dissect_kerberos_TicketFlags }, 6429 { &hf_kerberos_authtime , BER_CLASS_CON, 5, 0, dissect_kerberos_KerberosTime }, 6430 { &hf_kerberos_starttime , BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime }, 6431 { &hf_kerberos_endtime , BER_CLASS_CON, 7, 0, dissect_kerberos_KerberosTime }, 6432 { &hf_kerberos_renew_till , BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime }, 6433 { &hf_kerberos_srealm , BER_CLASS_CON, 9, 0, dissect_kerberos_Realm }, 6434 { &hf_kerberos_sname , BER_CLASS_CON, 10, 0, dissect_kerberos_SName }, 6435 { &hf_kerberos_caddr , BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddresses }, 6436 { &hf_kerberos_encrypted_pa_data, BER_CLASS_CON, 12, BER_FLAGS_OPTIONAL, dissect_kerberos_T_encrypted_pa_data }, 6437 { NULL, 0, 0, 0, NULL } 6438 }; 6439 6440 static int 6441 dissect_kerberos_EncKDCRepPart(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6442 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 6443 EncKDCRepPart_sequence, hf_index, ett_kerberos_EncKDCRepPart); 6444 6445 return offset; 6446 } 6447 6448 6449 6450 static int 6451 dissect_kerberos_EncASRepPart(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6452 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 6453 hf_index, BER_CLASS_APP, 25, FALSE, dissect_kerberos_EncKDCRepPart); 6454 6455 return offset; 6456 } 6457 6458 6459 6460 static int 6461 dissect_kerberos_EncTGSRepPart(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6462 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 6463 hf_index, BER_CLASS_APP, 26, FALSE, dissect_kerberos_EncKDCRepPart); 6464 6465 return offset; 6466 } 6467 6468 6469 6470 static int 6471 dissect_kerberos_T_encAPRepPart_subkey(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6472 #line 456 "./asn1/kerberos/kerberos.cnf" 6473 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 6474 gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index; 6475 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn; 6476 private_data->save_encryption_key_parent_hf_index = hf_kerberos_encAPRepPart; 6477 #ifdef HAVE_KERBEROS 6478 private_data->save_encryption_key_fn = save_EncAPRepPart_subkey; 6479 #endif 6480 offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index); 6481 6482 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index; 6483 private_data->save_encryption_key_fn = saved_encryption_key_fn; 6484 6485 6486 6487 return offset; 6488 } 6489 6490 6491 static const ber_sequence_t EncAPRepPart_U_sequence[] = { 6492 { &hf_kerberos_ctime , BER_CLASS_CON, 0, 0, dissect_kerberos_KerberosTime }, 6493 { &hf_kerberos_cusec , BER_CLASS_CON, 1, 0, dissect_kerberos_Microseconds }, 6494 { &hf_kerberos_encAPRepPart_subkey, BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_T_encAPRepPart_subkey }, 6495 { &hf_kerberos_seq_number , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, 6496 { NULL, 0, 0, 0, NULL } 6497 }; 6498 6499 static int 6500 dissect_kerberos_EncAPRepPart_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6501 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 6502 EncAPRepPart_U_sequence, hf_index, ett_kerberos_EncAPRepPart_U); 6503 6504 return offset; 6505 } 6506 6507 6508 6509 static int 6510 dissect_kerberos_EncAPRepPart(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6511 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 6512 hf_index, BER_CLASS_APP, 27, FALSE, dissect_kerberos_EncAPRepPart_U); 6513 6514 return offset; 6515 } 6516 6517 6518 6519 static int 6520 dissect_kerberos_T_encKrbPrivPart_user_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6521 #line 597 "./asn1/kerberos/kerberos.cnf" 6522 kerberos_private_data_t* private_data = kerberos_get_private_data(actx); 6523 tvbuff_t *new_tvb; 6524 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb); 6525 if (new_tvb) { 6526 call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_PRIV_USER_DATA, private_data->callbacks); 6527 } 6528 6529 6530 6531 return offset; 6532 } 6533 6534 6535 static const ber_sequence_t EncKrbPrivPart_sequence[] = { 6536 { &hf_kerberos_encKrbPrivPart_user_data, BER_CLASS_CON, 0, 0, dissect_kerberos_T_encKrbPrivPart_user_data }, 6537 { &hf_kerberos_timestamp , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime }, 6538 { &hf_kerberos_usec , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_Microseconds }, 6539 { &hf_kerberos_seq_number , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, 6540 { &hf_kerberos_s_address , BER_CLASS_CON, 4, 0, dissect_kerberos_HostAddress }, 6541 { &hf_kerberos_r_address , BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddress }, 6542 { NULL, 0, 0, 0, NULL } 6543 }; 6544 6545 static int 6546 dissect_kerberos_EncKrbPrivPart(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6547 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 6548 EncKrbPrivPart_sequence, hf_index, ett_kerberos_EncKrbPrivPart); 6549 6550 return offset; 6551 } 6552 6553 6554 6555 static int 6556 dissect_kerberos_ENC_KRB_PRIV_PART(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6557 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 6558 hf_index, BER_CLASS_APP, 28, FALSE, dissect_kerberos_EncKrbPrivPart); 6559 6560 return offset; 6561 } 6562 6563 6564 6565 static int 6566 dissect_kerberos_T_krbCredInfo_key(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6567 #line 501 "./asn1/kerberos/kerberos.cnf" 6568 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 6569 gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index; 6570 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn; 6571 private_data->save_encryption_key_parent_hf_index = hf_kerberos_ticket_info_item; 6572 #ifdef HAVE_KERBEROS 6573 private_data->save_encryption_key_fn = save_KrbCredInfo_key; 6574 #endif 6575 offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index); 6576 6577 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index; 6578 private_data->save_encryption_key_fn = saved_encryption_key_fn; 6579 6580 6581 6582 return offset; 6583 } 6584 6585 6586 static const ber_sequence_t SEQUENCE_OF_KerberosString_sequence_of[1] = { 6587 { &hf_kerberos_name_string_item, BER_CLASS_UNI, BER_UNI_TAG_GeneralString, BER_FLAGS_NOOWNTAG, dissect_kerberos_KerberosString }, 6588 }; 6589 6590 static int 6591 dissect_kerberos_SEQUENCE_OF_KerberosString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6592 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, 6593 SEQUENCE_OF_KerberosString_sequence_of, hf_index, ett_kerberos_SEQUENCE_OF_KerberosString); 6594 6595 return offset; 6596 } 6597 6598 6599 static const ber_sequence_t PrincipalName_sequence[] = { 6600 { &hf_kerberos_name_type , BER_CLASS_CON, 0, 0, dissect_kerberos_NAME_TYPE }, 6601 { &hf_kerberos_name_string, BER_CLASS_CON, 1, 0, dissect_kerberos_SEQUENCE_OF_KerberosString }, 6602 { NULL, 0, 0, 0, NULL } 6603 }; 6604 6605 static int 6606 dissect_kerberos_PrincipalName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6607 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 6608 PrincipalName_sequence, hf_index, ett_kerberos_PrincipalName); 6609 6610 return offset; 6611 } 6612 6613 6614 static const ber_sequence_t KrbCredInfo_sequence[] = { 6615 { &hf_kerberos_krbCredInfo_key, BER_CLASS_CON, 0, 0, dissect_kerberos_T_krbCredInfo_key }, 6616 { &hf_kerberos_prealm , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_Realm }, 6617 { &hf_kerberos_pname , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_PrincipalName }, 6618 { &hf_kerberos_flags , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_TicketFlags }, 6619 { &hf_kerberos_authtime , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime }, 6620 { &hf_kerberos_starttime , BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime }, 6621 { &hf_kerberos_endtime , BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime }, 6622 { &hf_kerberos_renew_till , BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime }, 6623 { &hf_kerberos_srealm , BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL, dissect_kerberos_Realm }, 6624 { &hf_kerberos_sname , BER_CLASS_CON, 9, BER_FLAGS_OPTIONAL, dissect_kerberos_SName }, 6625 { &hf_kerberos_caddr , BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddresses }, 6626 { NULL, 0, 0, 0, NULL } 6627 }; 6628 6629 static int 6630 dissect_kerberos_KrbCredInfo(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6631 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 6632 KrbCredInfo_sequence, hf_index, ett_kerberos_KrbCredInfo); 6633 6634 return offset; 6635 } 6636 6637 6638 static const ber_sequence_t SEQUENCE_OF_KrbCredInfo_sequence_of[1] = { 6639 { &hf_kerberos_ticket_info_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_KrbCredInfo }, 6640 }; 6641 6642 static int 6643 dissect_kerberos_SEQUENCE_OF_KrbCredInfo(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6644 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, 6645 SEQUENCE_OF_KrbCredInfo_sequence_of, hf_index, ett_kerberos_SEQUENCE_OF_KrbCredInfo); 6646 6647 return offset; 6648 } 6649 6650 6651 static const ber_sequence_t EncKrbCredPart_U_sequence[] = { 6652 { &hf_kerberos_ticket_info, BER_CLASS_CON, 0, 0, dissect_kerberos_SEQUENCE_OF_KrbCredInfo }, 6653 { &hf_kerberos_nonce , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, 6654 { &hf_kerberos_timestamp , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime }, 6655 { &hf_kerberos_usec , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_Microseconds }, 6656 { &hf_kerberos_s_address , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddress }, 6657 { &hf_kerberos_r_address , BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddress }, 6658 { NULL, 0, 0, 0, NULL } 6659 }; 6660 6661 static int 6662 dissect_kerberos_EncKrbCredPart_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6663 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 6664 EncKrbCredPart_U_sequence, hf_index, ett_kerberos_EncKrbCredPart_U); 6665 6666 return offset; 6667 } 6668 6669 6670 6671 static int 6672 dissect_kerberos_EncKrbCredPart(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6673 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 6674 hf_index, BER_CLASS_APP, 29, FALSE, dissect_kerberos_EncKrbCredPart_U); 6675 6676 return offset; 6677 } 6678 6679 6680 static const value_string kerberos_ERROR_CODE_vals[] = { 6681 { 0, "eRR-NONE" }, 6682 { 1, "eRR-NAME-EXP" }, 6683 { 2, "eRR-SERVICE-EXP" }, 6684 { 3, "eRR-BAD-PVNO" }, 6685 { 4, "eRR-C-OLD-MAST-KVNO" }, 6686 { 5, "eRR-S-OLD-MAST-KVNO" }, 6687 { 6, "eRR-C-PRINCIPAL-UNKNOWN" }, 6688 { 7, "eRR-S-PRINCIPAL-UNKNOWN" }, 6689 { 8, "eRR-PRINCIPAL-NOT-UNIQUE" }, 6690 { 9, "eRR-NULL-KEY" }, 6691 { 10, "eRR-CANNOT-POSTDATE" }, 6692 { 11, "eRR-NEVER-VALID" }, 6693 { 12, "eRR-POLICY" }, 6694 { 13, "eRR-BADOPTION" }, 6695 { 14, "eRR-ETYPE-NOSUPP" }, 6696 { 15, "eRR-SUMTYPE-NOSUPP" }, 6697 { 16, "eRR-PADATA-TYPE-NOSUPP" }, 6698 { 17, "eRR-TRTYPE-NOSUPP" }, 6699 { 18, "eRR-CLIENT-REVOKED" }, 6700 { 19, "eRR-SERVICE-REVOKED" }, 6701 { 20, "eRR-TGT-REVOKED" }, 6702 { 21, "eRR-CLIENT-NOTYET" }, 6703 { 22, "eRR-SERVICE-NOTYET" }, 6704 { 23, "eRR-KEY-EXP" }, 6705 { 24, "eRR-PREAUTH-FAILED" }, 6706 { 25, "eRR-PREAUTH-REQUIRED" }, 6707 { 26, "eRR-SERVER-NOMATCH" }, 6708 { 27, "eRR-MUST-USE-USER2USER" }, 6709 { 28, "eRR-PATH-NOT-ACCEPTED" }, 6710 { 29, "eRR-SVC-UNAVAILABLE" }, 6711 { 31, "eRR-BAD-INTEGRITY" }, 6712 { 32, "eRR-TKT-EXPIRED" }, 6713 { 33, "eRR-TKT-NYV" }, 6714 { 34, "eRR-REPEAT" }, 6715 { 35, "eRR-NOT-US" }, 6716 { 36, "eRR-BADMATCH" }, 6717 { 37, "eRR-SKEW" }, 6718 { 38, "eRR-BADADDR" }, 6719 { 39, "eRR-BADVERSION" }, 6720 { 40, "eRR-MSG-TYPE" }, 6721 { 41, "eRR-MODIFIED" }, 6722 { 42, "eRR-BADORDER" }, 6723 { 43, "eRR-ILL-CR-TKT" }, 6724 { 44, "eRR-BADKEYVER" }, 6725 { 45, "eRR-NOKEY" }, 6726 { 46, "eRR-MUT-FAIL" }, 6727 { 47, "eRR-BADDIRECTION" }, 6728 { 48, "eRR-METHOD" }, 6729 { 49, "eRR-BADSEQ" }, 6730 { 50, "eRR-INAPP-CKSUM" }, 6731 { 51, "pATH-NOT-ACCEPTED" }, 6732 { 52, "eRR-RESPONSE-TOO-BIG" }, 6733 { 60, "eRR-GENERIC" }, 6734 { 61, "eRR-FIELD-TOOLONG" }, 6735 { 62, "eRROR-CLIENT-NOT-TRUSTED" }, 6736 { 63, "eRROR-KDC-NOT-TRUSTED" }, 6737 { 64, "eRROR-INVALID-SIG" }, 6738 { 65, "eRR-KEY-TOO-WEAK" }, 6739 { 66, "eRR-CERTIFICATE-MISMATCH" }, 6740 { 67, "eRR-NO-TGT" }, 6741 { 68, "eRR-WRONG-REALM" }, 6742 { 69, "eRR-USER-TO-USER-REQUIRED" }, 6743 { 70, "eRR-CANT-VERIFY-CERTIFICATE" }, 6744 { 71, "eRR-INVALID-CERTIFICATE" }, 6745 { 72, "eRR-REVOKED-CERTIFICATE" }, 6746 { 73, "eRR-REVOCATION-STATUS-UNKNOWN" }, 6747 { 74, "eRR-REVOCATION-STATUS-UNAVAILABLE" }, 6748 { 75, "eRR-CLIENT-NAME-MISMATCH" }, 6749 { 76, "eRR-KDC-NAME-MISMATCH" }, 6750 { 0, NULL } 6751 }; 6752 6753 6754 static int 6755 dissect_kerberos_ERROR_CODE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6756 #line 122 "./asn1/kerberos/kerberos.cnf" 6757 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 6758 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, 6759 &private_data->errorcode); 6760 6761 6762 6763 6764 #line 126 "./asn1/kerberos/kerberos.cnf" 6765 if (private_data->errorcode) { 6766 col_add_fstr(actx->pinfo->cinfo, COL_INFO, 6767 "KRB Error: %s", 6768 val_to_str(private_data->errorcode, krb5_error_codes, 6769 "Unknown error code %#x")); 6770 } 6771 6772 6773 return offset; 6774 } 6775 6776 6777 6778 static int 6779 dissect_kerberos_T_e_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6780 #line 135 "./asn1/kerberos/kerberos.cnf" 6781 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 6782 6783 switch (private_data->errorcode) { 6784 case KRB5_ET_KRB5KDC_ERR_BADOPTION: 6785 case KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED: 6786 case KRB5_ET_KRB5KDC_ERR_KEY_EXP: 6787 case KRB5_ET_KRB5KDC_ERR_POLICY: 6788 /* ms windows kdc sends e-data of this type containing a "salt" 6789 * that contains the nt_status code for these error codes. 6790 */ 6791 private_data->try_nt_status = TRUE; 6792 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_kerberos_e_data, dissect_kerberos_PA_DATA); 6793 break; 6794 case KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED: 6795 case KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED: 6796 case KRB5_ET_KRB5KDC_ERR_ETYPE_NOSUPP: 6797 case KRB5_ET_KDC_ERR_WRONG_REALM: 6798 case KRB5_ET_KDC_ERR_PREAUTH_EXPIRED: 6799 case KRB5_ET_KDC_ERR_MORE_PREAUTH_DATA_REQUIRED: 6800 case KRB5_ET_KDC_ERR_PREAUTH_BAD_AUTHENTICATION_SET: 6801 case KRB5_ET_KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS: 6802 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_kerberos_e_data, dissect_kerberos_SEQUENCE_OF_PA_DATA); 6803 break; 6804 default: 6805 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_kerberos_e_data, NULL); 6806 break; 6807 } 6808 6809 6810 6811 6812 return offset; 6813 } 6814 6815 6816 static const ber_sequence_t KRB_ERROR_U_sequence[] = { 6817 { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 }, 6818 { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE }, 6819 { &hf_kerberos_ctime , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime }, 6820 { &hf_kerberos_cusec , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_Microseconds }, 6821 { &hf_kerberos_stime , BER_CLASS_CON, 4, 0, dissect_kerberos_KerberosTime }, 6822 { &hf_kerberos_susec , BER_CLASS_CON, 5, 0, dissect_kerberos_Microseconds }, 6823 { &hf_kerberos_error_code , BER_CLASS_CON, 6, 0, dissect_kerberos_ERROR_CODE }, 6824 { &hf_kerberos_crealm , BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL, dissect_kerberos_Realm }, 6825 { &hf_kerberos_cname , BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL, dissect_kerberos_CName }, 6826 { &hf_kerberos_realm , BER_CLASS_CON, 9, 0, dissect_kerberos_Realm }, 6827 { &hf_kerberos_sname , BER_CLASS_CON, 10, 0, dissect_kerberos_SName }, 6828 { &hf_kerberos_e_text , BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosString }, 6829 { &hf_kerberos_e_data , BER_CLASS_CON, 12, BER_FLAGS_OPTIONAL, dissect_kerberos_T_e_data }, 6830 { &hf_kerberos_e_checksum , BER_CLASS_CON, 13, BER_FLAGS_OPTIONAL, dissect_kerberos_Checksum }, 6831 { NULL, 0, 0, 0, NULL } 6832 }; 6833 6834 static int 6835 dissect_kerberos_KRB_ERROR_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6836 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 6837 KRB_ERROR_U_sequence, hf_index, ett_kerberos_KRB_ERROR_U); 6838 6839 return offset; 6840 } 6841 6842 6843 6844 static int 6845 dissect_kerberos_KRB_ERROR(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6846 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 6847 hf_index, BER_CLASS_APP, 30, FALSE, dissect_kerberos_KRB_ERROR_U); 6848 6849 return offset; 6850 } 6851 6852 6853 static const ber_choice_t Applications_choice[] = { 6854 { KERBEROS_APPLICATIONS_TICKET, &hf_kerberos_ticket , BER_CLASS_APP, 1, BER_FLAGS_NOOWNTAG, dissect_kerberos_Ticket }, 6855 { KERBEROS_APPLICATIONS_AUTHENTICATOR, &hf_kerberos_authenticator, BER_CLASS_APP, 2, BER_FLAGS_NOOWNTAG, dissect_kerberos_Authenticator }, 6856 { KERBEROS_APPLICATIONS_ENCTICKETPART, &hf_kerberos_encTicketPart, BER_CLASS_APP, 3, BER_FLAGS_NOOWNTAG, dissect_kerberos_EncTicketPart }, 6857 { KERBEROS_APPLICATIONS_AS_REQ, &hf_kerberos_as_req , BER_CLASS_APP, 10, BER_FLAGS_NOOWNTAG, dissect_kerberos_AS_REQ }, 6858 { KERBEROS_APPLICATIONS_AS_REP, &hf_kerberos_as_rep , BER_CLASS_APP, 11, BER_FLAGS_NOOWNTAG, dissect_kerberos_AS_REP }, 6859 { KERBEROS_APPLICATIONS_TGS_REQ, &hf_kerberos_tgs_req , BER_CLASS_APP, 12, BER_FLAGS_NOOWNTAG, dissect_kerberos_TGS_REQ }, 6860 { KERBEROS_APPLICATIONS_TGS_REP, &hf_kerberos_tgs_rep , BER_CLASS_APP, 13, BER_FLAGS_NOOWNTAG, dissect_kerberos_TGS_REP }, 6861 { KERBEROS_APPLICATIONS_AP_REQ, &hf_kerberos_ap_req , BER_CLASS_APP, 14, BER_FLAGS_NOOWNTAG, dissect_kerberos_AP_REQ }, 6862 { KERBEROS_APPLICATIONS_AP_REP, &hf_kerberos_ap_rep , BER_CLASS_APP, 15, BER_FLAGS_NOOWNTAG, dissect_kerberos_AP_REP }, 6863 { KERBEROS_APPLICATIONS_KRB_SAFE, &hf_kerberos_krb_safe , BER_CLASS_APP, 20, BER_FLAGS_NOOWNTAG, dissect_kerberos_KRB_SAFE }, 6864 { KERBEROS_APPLICATIONS_KRB_PRIV, &hf_kerberos_krb_priv , BER_CLASS_APP, 21, BER_FLAGS_NOOWNTAG, dissect_kerberos_KRB_PRIV }, 6865 { KERBEROS_APPLICATIONS_KRB_CRED, &hf_kerberos_krb_cred , BER_CLASS_APP, 22, BER_FLAGS_NOOWNTAG, dissect_kerberos_KRB_CRED }, 6866 { KERBEROS_APPLICATIONS_ENCASREPPART, &hf_kerberos_encASRepPart, BER_CLASS_APP, 25, BER_FLAGS_NOOWNTAG, dissect_kerberos_EncASRepPart }, 6867 { KERBEROS_APPLICATIONS_ENCTGSREPPART, &hf_kerberos_encTGSRepPart, BER_CLASS_APP, 26, BER_FLAGS_NOOWNTAG, dissect_kerberos_EncTGSRepPart }, 6868 { KERBEROS_APPLICATIONS_ENCAPREPPART, &hf_kerberos_encAPRepPart, BER_CLASS_APP, 27, BER_FLAGS_NOOWNTAG, dissect_kerberos_EncAPRepPart }, 6869 { KERBEROS_APPLICATIONS_ENCKRBPRIVPART, &hf_kerberos_encKrbPrivPart, BER_CLASS_APP, 28, BER_FLAGS_NOOWNTAG, dissect_kerberos_ENC_KRB_PRIV_PART }, 6870 { KERBEROS_APPLICATIONS_ENCKRBCREDPART, &hf_kerberos_encKrbCredPart, BER_CLASS_APP, 29, BER_FLAGS_NOOWNTAG, dissect_kerberos_EncKrbCredPart }, 6871 { KERBEROS_APPLICATIONS_KRB_ERROR, &hf_kerberos_krb_error , BER_CLASS_APP, 30, BER_FLAGS_NOOWNTAG, dissect_kerberos_KRB_ERROR }, 6872 { 0, NULL, 0, 0, 0, NULL } 6873 }; 6874 6875 static int 6876 dissect_kerberos_Applications(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6877 offset = dissect_ber_choice(actx, tree, tvb, offset, 6878 Applications_choice, hf_index, ett_kerberos_Applications, 6879 NULL); 6880 6881 return offset; 6882 } 6883 6884 6885 6886 static int 6887 dissect_kerberos_T_pA_ENC_TIMESTAMP_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6888 #line 355 "./asn1/kerberos/kerberos.cnf" 6889 #ifdef HAVE_KERBEROS 6890 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PA_ENC_TIMESTAMP); 6891 #else 6892 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, 6893 NULL); 6894 6895 #endif 6896 6897 6898 6899 return offset; 6900 } 6901 6902 6903 static const ber_sequence_t PA_ENC_TIMESTAMP_sequence[] = { 6904 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE }, 6905 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, 6906 { &hf_kerberos_pA_ENC_TIMESTAMP_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_pA_ENC_TIMESTAMP_cipher }, 6907 { NULL, 0, 0, 0, NULL } 6908 }; 6909 6910 static int 6911 dissect_kerberos_PA_ENC_TIMESTAMP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6912 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 6913 PA_ENC_TIMESTAMP_sequence, hf_index, ett_kerberos_PA_ENC_TIMESTAMP); 6914 6915 return offset; 6916 } 6917 6918 6919 static const ber_sequence_t ETYPE_INFO_ENTRY_sequence[] = { 6920 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE }, 6921 { &hf_kerberos_info_salt , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_OCTET_STRING }, 6922 { NULL, 0, 0, 0, NULL } 6923 }; 6924 6925 static int 6926 dissect_kerberos_ETYPE_INFO_ENTRY(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6927 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 6928 ETYPE_INFO_ENTRY_sequence, hf_index, ett_kerberos_ETYPE_INFO_ENTRY); 6929 6930 return offset; 6931 } 6932 6933 6934 static const ber_sequence_t ETYPE_INFO_sequence_of[1] = { 6935 { &hf_kerberos_ETYPE_INFO_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_ETYPE_INFO_ENTRY }, 6936 }; 6937 6938 static int 6939 dissect_kerberos_ETYPE_INFO(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6940 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, 6941 ETYPE_INFO_sequence_of, hf_index, ett_kerberos_ETYPE_INFO); 6942 6943 return offset; 6944 } 6945 6946 6947 static const ber_sequence_t ETYPE_INFO2_ENTRY_sequence[] = { 6948 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE }, 6949 { &hf_kerberos_info2_salt , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosString }, 6950 { &hf_kerberos_s2kparams , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_OCTET_STRING }, 6951 { NULL, 0, 0, 0, NULL } 6952 }; 6953 6954 static int 6955 dissect_kerberos_ETYPE_INFO2_ENTRY(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6956 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 6957 ETYPE_INFO2_ENTRY_sequence, hf_index, ett_kerberos_ETYPE_INFO2_ENTRY); 6958 6959 return offset; 6960 } 6961 6962 6963 static const ber_sequence_t ETYPE_INFO2_sequence_of[1] = { 6964 { &hf_kerberos_ETYPE_INFO2_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_ETYPE_INFO2_ENTRY }, 6965 }; 6966 6967 static int 6968 dissect_kerberos_ETYPE_INFO2(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6969 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, 6970 ETYPE_INFO2_sequence_of, hf_index, ett_kerberos_ETYPE_INFO2); 6971 6972 return offset; 6973 } 6974 6975 6976 6977 static int 6978 dissect_kerberos_AD_IF_RELEVANT(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6979 offset = dissect_kerberos_AuthorizationData(implicit_tag, tvb, offset, actx, tree, hf_index); 6980 6981 return offset; 6982 } 6983 6984 6985 static const ber_sequence_t TGT_REQ_sequence[] = { 6986 { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 }, 6987 { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE }, 6988 { &hf_kerberos_server_name, BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_PrincipalName }, 6989 { &hf_kerberos_realm , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_Realm }, 6990 { NULL, 0, 0, 0, NULL } 6991 }; 6992 6993 int 6994 dissect_kerberos_TGT_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 6995 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 6996 TGT_REQ_sequence, hf_index, ett_kerberos_TGT_REQ); 6997 6998 return offset; 6999 } 7000 7001 7002 static const ber_sequence_t TGT_REP_sequence[] = { 7003 { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 }, 7004 { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE }, 7005 { &hf_kerberos_ticket , BER_CLASS_CON, 2, 0, dissect_kerberos_Ticket }, 7006 { NULL, 0, 0, 0, NULL } 7007 }; 7008 7009 int 7010 dissect_kerberos_TGT_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7011 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 7012 TGT_REP_sequence, hf_index, ett_kerberos_TGT_REP); 7013 7014 return offset; 7015 } 7016 7017 7018 7019 static int 7020 dissect_kerberos_BOOLEAN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7021 offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, NULL); 7022 7023 return offset; 7024 } 7025 7026 7027 static const ber_sequence_t PA_PAC_REQUEST_sequence[] = { 7028 { &hf_kerberos_include_pac, BER_CLASS_CON, 0, 0, dissect_kerberos_BOOLEAN }, 7029 { NULL, 0, 0, 0, NULL } 7030 }; 7031 7032 static int 7033 dissect_kerberos_PA_PAC_REQUEST(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7034 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 7035 PA_PAC_REQUEST_sequence, hf_index, ett_kerberos_PA_PAC_REQUEST); 7036 7037 return offset; 7038 } 7039 7040 7041 7042 static int 7043 dissect_kerberos_GeneralString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7044 offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_GeneralString, 7045 actx, tree, tvb, offset, hf_index, 7046 NULL); 7047 7048 return offset; 7049 } 7050 7051 7052 static const ber_sequence_t PA_S4U2Self_sequence[] = { 7053 { &hf_kerberos_name , BER_CLASS_CON, 0, 0, dissect_kerberos_PrincipalName }, 7054 { &hf_kerberos_realm , BER_CLASS_CON, 1, 0, dissect_kerberos_Realm }, 7055 { &hf_kerberos_cksum , BER_CLASS_CON, 2, 0, dissect_kerberos_Checksum }, 7056 { &hf_kerberos_auth , BER_CLASS_CON, 3, 0, dissect_kerberos_GeneralString }, 7057 { NULL, 0, 0, 0, NULL } 7058 }; 7059 7060 static int 7061 dissect_kerberos_PA_S4U2Self(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7062 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 7063 PA_S4U2Self_sequence, hf_index, ett_kerberos_PA_S4U2Self); 7064 7065 return offset; 7066 } 7067 7068 7069 7070 static int 7071 dissect_kerberos_T_subject_certificate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7072 #line 559 "./asn1/kerberos/kerberos.cnf" 7073 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset,hf_index, dissect_x509af_Certificate); 7074 7075 7076 7077 return offset; 7078 } 7079 7080 7081 7082 static int 7083 dissect_kerberos_BIT_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7084 offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset, 7085 NULL, 0, hf_index, -1, 7086 NULL); 7087 7088 return offset; 7089 } 7090 7091 7092 static const ber_sequence_t S4UUserID_sequence[] = { 7093 { &hf_kerberos_nonce , BER_CLASS_CON, 0, 0, dissect_kerberos_UInt32 }, 7094 { &hf_kerberos_cname_01 , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_PrincipalName }, 7095 { &hf_kerberos_crealm , BER_CLASS_CON, 2, 0, dissect_kerberos_Realm }, 7096 { &hf_kerberos_subject_certificate, BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_T_subject_certificate }, 7097 { &hf_kerberos_options , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_kerberos_BIT_STRING }, 7098 { NULL, 0, 0, 0, NULL } 7099 }; 7100 7101 static int 7102 dissect_kerberos_S4UUserID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7103 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 7104 S4UUserID_sequence, hf_index, ett_kerberos_S4UUserID); 7105 7106 return offset; 7107 } 7108 7109 7110 static const ber_sequence_t PA_S4U_X509_USER_sequence[] = { 7111 { &hf_kerberos_user_id , BER_CLASS_CON, 0, 0, dissect_kerberos_S4UUserID }, 7112 { &hf_kerberos_checksum_01, BER_CLASS_CON, 1, 0, dissect_kerberos_Checksum }, 7113 { NULL, 0, 0, 0, NULL } 7114 }; 7115 7116 static int 7117 dissect_kerberos_PA_S4U_X509_USER(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7118 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 7119 PA_S4U_X509_USER_sequence, hf_index, ett_kerberos_PA_S4U_X509_USER); 7120 7121 return offset; 7122 } 7123 7124 7125 static int * const PAC_OPTIONS_FLAGS_bits[] = { 7126 &hf_kerberos_PAC_OPTIONS_FLAGS_claims, 7127 &hf_kerberos_PAC_OPTIONS_FLAGS_branch_aware, 7128 &hf_kerberos_PAC_OPTIONS_FLAGS_forward_to_full_dc, 7129 &hf_kerberos_PAC_OPTIONS_FLAGS_resource_based_constrained_delegation, 7130 NULL 7131 }; 7132 7133 static int 7134 dissect_kerberos_PAC_OPTIONS_FLAGS(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7135 offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset, 7136 PAC_OPTIONS_FLAGS_bits, 4, hf_index, ett_kerberos_PAC_OPTIONS_FLAGS, 7137 NULL); 7138 7139 return offset; 7140 } 7141 7142 7143 static const ber_sequence_t PA_PAC_OPTIONS_sequence[] = { 7144 { &hf_kerberos_flags_01 , BER_CLASS_CON, 0, 0, dissect_kerberos_PAC_OPTIONS_FLAGS }, 7145 { NULL, 0, 0, 0, NULL } 7146 }; 7147 7148 static int 7149 dissect_kerberos_PA_PAC_OPTIONS(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7150 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 7151 PA_PAC_OPTIONS_sequence, hf_index, ett_kerberos_PA_PAC_OPTIONS); 7152 7153 return offset; 7154 } 7155 7156 7157 static const ber_sequence_t KERB_AD_RESTRICTION_ENTRY_U_sequence[] = { 7158 { &hf_kerberos_restriction_type, BER_CLASS_CON, 0, 0, dissect_kerberos_Int32 }, 7159 { &hf_kerberos_restriction, BER_CLASS_CON, 1, 0, dissect_kerberos_OCTET_STRING }, 7160 { NULL, 0, 0, 0, NULL } 7161 }; 7162 7163 static int 7164 dissect_kerberos_KERB_AD_RESTRICTION_ENTRY_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7165 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 7166 KERB_AD_RESTRICTION_ENTRY_U_sequence, hf_index, ett_kerberos_KERB_AD_RESTRICTION_ENTRY_U); 7167 7168 return offset; 7169 } 7170 7171 7172 7173 static int 7174 dissect_kerberos_KERB_AD_RESTRICTION_ENTRY(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7175 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset, 7176 hf_index, BER_CLASS_UNI, 16, FALSE, dissect_kerberos_KERB_AD_RESTRICTION_ENTRY_U); 7177 7178 return offset; 7179 } 7180 7181 7182 static const ber_sequence_t PA_KERB_KEY_LIST_REQ_sequence_of[1] = { 7183 { &hf_kerberos_PA_KERB_KEY_LIST_REQ_item, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_kerberos_ENCTYPE }, 7184 }; 7185 7186 static int 7187 dissect_kerberos_PA_KERB_KEY_LIST_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7188 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, 7189 PA_KERB_KEY_LIST_REQ_sequence_of, hf_index, ett_kerberos_PA_KERB_KEY_LIST_REQ); 7190 7191 return offset; 7192 } 7193 7194 7195 7196 static int 7197 dissect_kerberos_PA_KERB_KEY_LIST_REP_Key(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7198 offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index); 7199 7200 return offset; 7201 } 7202 7203 7204 7205 static int 7206 dissect_kerberos_PA_KERB_KEY_LIST_REP_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7207 #line 513 "./asn1/kerberos/kerberos.cnf" 7208 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 7209 gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index; 7210 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn; 7211 private_data->save_encryption_key_parent_hf_index = hf_kerberos_kerbKeyListRep_key; 7212 #ifdef HAVE_KERBEROS 7213 private_data->save_encryption_key_fn = save_encryption_key; 7214 #endif 7215 offset = dissect_kerberos_PA_KERB_KEY_LIST_REP_Key(implicit_tag, tvb, offset, actx, tree, hf_index); 7216 7217 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index; 7218 private_data->save_encryption_key_fn = saved_encryption_key_fn; 7219 7220 7221 7222 return offset; 7223 } 7224 7225 7226 static const ber_sequence_t PA_KERB_KEY_LIST_REP_sequence_of[1] = { 7227 { &hf_kerberos_kerbKeyListRep_key, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_PA_KERB_KEY_LIST_REP_item }, 7228 }; 7229 7230 static int 7231 dissect_kerberos_PA_KERB_KEY_LIST_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7232 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, 7233 PA_KERB_KEY_LIST_REP_sequence_of, hf_index, ett_kerberos_PA_KERB_KEY_LIST_REP); 7234 7235 return offset; 7236 } 7237 7238 7239 static const ber_sequence_t ChangePasswdData_sequence[] = { 7240 { &hf_kerberos_newpasswd , BER_CLASS_CON, 0, 0, dissect_kerberos_OCTET_STRING }, 7241 { &hf_kerberos_targname , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_PrincipalName }, 7242 { &hf_kerberos_targrealm , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_Realm }, 7243 { NULL, 0, 0, 0, NULL } 7244 }; 7245 7246 int 7247 dissect_kerberos_ChangePasswdData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7248 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 7249 ChangePasswdData_sequence, hf_index, ett_kerberos_ChangePasswdData); 7250 7251 return offset; 7252 } 7253 7254 7255 static const ber_sequence_t PA_AUTHENTICATION_SET_ELEM_sequence[] = { 7256 { &hf_kerberos_pa_type , BER_CLASS_CON, 0, 0, dissect_kerberos_PADATA_TYPE }, 7257 { &hf_kerberos_pa_hint , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_OCTET_STRING }, 7258 { &hf_kerberos_pa_value , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_OCTET_STRING }, 7259 { NULL, 0, 0, 0, NULL } 7260 }; 7261 7262 static int 7263 dissect_kerberos_PA_AUTHENTICATION_SET_ELEM(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7264 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 7265 PA_AUTHENTICATION_SET_ELEM_sequence, hf_index, ett_kerberos_PA_AUTHENTICATION_SET_ELEM); 7266 7267 return offset; 7268 } 7269 7270 7271 static const value_string kerberos_KrbFastArmorTypes_vals[] = { 7272 { KERBEROS_FX_FAST_RESERVED, "fX-FAST-reserved" }, 7273 { KERBEROS_FX_FAST_ARMOR_AP_REQUEST, "fX-FAST-ARMOR-AP-REQUEST" }, 7274 { 0, NULL } 7275 }; 7276 7277 7278 static int 7279 dissect_kerberos_KrbFastArmorTypes(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7280 #line 636 "./asn1/kerberos/kerberos.cnf" 7281 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 7282 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, 7283 &(private_data->fast_type)); 7284 7285 7286 7287 7288 return offset; 7289 } 7290 7291 7292 7293 static int 7294 dissect_kerberos_T_armor_value(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7295 #line 640 "./asn1/kerberos/kerberos.cnf" 7296 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 7297 7298 switch(private_data->fast_type){ 7299 case KERBEROS_FX_FAST_ARMOR_AP_REQUEST: 7300 private_data->fast_armor_within_armor_value++; 7301 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_Applications); 7302 private_data->fast_armor_within_armor_value--; 7303 break; 7304 default: 7305 offset=dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, NULL); 7306 break; 7307 } 7308 7309 7310 7311 return offset; 7312 } 7313 7314 7315 static const ber_sequence_t KrbFastArmor_sequence[] = { 7316 { &hf_kerberos_armor_type , BER_CLASS_CON, 0, 0, dissect_kerberos_KrbFastArmorTypes }, 7317 { &hf_kerberos_armor_value, BER_CLASS_CON, 1, 0, dissect_kerberos_T_armor_value }, 7318 { NULL, 0, 0, 0, NULL } 7319 }; 7320 7321 static int 7322 dissect_kerberos_KrbFastArmor(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7323 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 7324 KrbFastArmor_sequence, hf_index, ett_kerberos_KrbFastArmor); 7325 7326 return offset; 7327 } 7328 7329 7330 7331 static int 7332 dissect_kerberos_T_encryptedKrbFastReq_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7333 #line 612 "./asn1/kerberos/kerberos.cnf" 7334 #ifdef HAVE_KERBEROS 7335 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KrbFastReq); 7336 #else 7337 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, 7338 NULL); 7339 7340 #endif 7341 return offset; 7342 7343 7344 7345 return offset; 7346 } 7347 7348 7349 static const ber_sequence_t EncryptedKrbFastReq_sequence[] = { 7350 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE }, 7351 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, 7352 { &hf_kerberos_encryptedKrbFastReq_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedKrbFastReq_cipher }, 7353 { NULL, 0, 0, 0, NULL } 7354 }; 7355 7356 static int 7357 dissect_kerberos_EncryptedKrbFastReq(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7358 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 7359 EncryptedKrbFastReq_sequence, hf_index, ett_kerberos_EncryptedKrbFastReq); 7360 7361 return offset; 7362 } 7363 7364 7365 static const ber_sequence_t KrbFastArmoredReq_sequence[] = { 7366 { &hf_kerberos_armor , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL, dissect_kerberos_KrbFastArmor }, 7367 { &hf_kerberos_req_checksum, BER_CLASS_CON, 1, 0, dissect_kerberos_Checksum }, 7368 { &hf_kerberos_enc_fast_req, BER_CLASS_CON, 2, 0, dissect_kerberos_EncryptedKrbFastReq }, 7369 { NULL, 0, 0, 0, NULL } 7370 }; 7371 7372 static int 7373 dissect_kerberos_KrbFastArmoredReq(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7374 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 7375 KrbFastArmoredReq_sequence, hf_index, ett_kerberos_KrbFastArmoredReq); 7376 7377 return offset; 7378 } 7379 7380 7381 static const ber_choice_t PA_FX_FAST_REQUEST_choice[] = { 7382 { 0, &hf_kerberos_armored_data_request, BER_CLASS_CON, 0, 0, dissect_kerberos_KrbFastArmoredReq }, 7383 { 0, NULL, 0, 0, 0, NULL } 7384 }; 7385 7386 static int 7387 dissect_kerberos_PA_FX_FAST_REQUEST(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7388 offset = dissect_ber_choice(actx, tree, tvb, offset, 7389 PA_FX_FAST_REQUEST_choice, hf_index, ett_kerberos_PA_FX_FAST_REQUEST, 7390 NULL); 7391 7392 return offset; 7393 } 7394 7395 7396 7397 static int 7398 dissect_kerberos_T_encryptedKrbFastResponse_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7399 #line 620 "./asn1/kerberos/kerberos.cnf" 7400 #ifdef HAVE_KERBEROS 7401 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KrbFastResponse); 7402 #else 7403 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, 7404 NULL); 7405 7406 #endif 7407 return offset; 7408 7409 7410 7411 return offset; 7412 } 7413 7414 7415 static const ber_sequence_t EncryptedKrbFastResponse_sequence[] = { 7416 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE }, 7417 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, 7418 { &hf_kerberos_encryptedKrbFastResponse_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedKrbFastResponse_cipher }, 7419 { NULL, 0, 0, 0, NULL } 7420 }; 7421 7422 static int 7423 dissect_kerberos_EncryptedKrbFastResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7424 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 7425 EncryptedKrbFastResponse_sequence, hf_index, ett_kerberos_EncryptedKrbFastResponse); 7426 7427 return offset; 7428 } 7429 7430 7431 static const ber_sequence_t KrbFastArmoredRep_sequence[] = { 7432 { &hf_kerberos_enc_fast_rep, BER_CLASS_CON, 0, 0, dissect_kerberos_EncryptedKrbFastResponse }, 7433 { NULL, 0, 0, 0, NULL } 7434 }; 7435 7436 static int 7437 dissect_kerberos_KrbFastArmoredRep(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7438 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 7439 KrbFastArmoredRep_sequence, hf_index, ett_kerberos_KrbFastArmoredRep); 7440 7441 return offset; 7442 } 7443 7444 7445 static const ber_choice_t PA_FX_FAST_REPLY_choice[] = { 7446 { 0, &hf_kerberos_armored_data_reply, BER_CLASS_CON, 0, 0, dissect_kerberos_KrbFastArmoredRep }, 7447 { 0, NULL, 0, 0, 0, NULL } 7448 }; 7449 7450 static int 7451 dissect_kerberos_PA_FX_FAST_REPLY(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7452 offset = dissect_ber_choice(actx, tree, tvb, offset, 7453 PA_FX_FAST_REPLY_choice, hf_index, ett_kerberos_PA_FX_FAST_REPLY, 7454 NULL); 7455 7456 return offset; 7457 } 7458 7459 7460 7461 static int 7462 dissect_kerberos_T_encryptedChallenge_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7463 #line 628 "./asn1/kerberos/kerberos.cnf" 7464 #ifdef HAVE_KERBEROS 7465 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_EncryptedChallenge); 7466 #else 7467 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, 7468 NULL); 7469 7470 #endif 7471 return offset; 7472 7473 7474 7475 return offset; 7476 } 7477 7478 7479 static const ber_sequence_t EncryptedChallenge_sequence[] = { 7480 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE }, 7481 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, 7482 { &hf_kerberos_encryptedChallenge_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedChallenge_cipher }, 7483 { NULL, 0, 0, 0, NULL } 7484 }; 7485 7486 static int 7487 dissect_kerberos_EncryptedChallenge(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7488 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 7489 EncryptedChallenge_sequence, hf_index, ett_kerberos_EncryptedChallenge); 7490 7491 return offset; 7492 } 7493 7494 7495 static const ber_sequence_t EncryptedSpakeData_sequence[] = { 7496 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE }, 7497 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, 7498 { &hf_kerberos_cipher , BER_CLASS_CON, 2, 0, dissect_kerberos_OCTET_STRING }, 7499 { NULL, 0, 0, 0, NULL } 7500 }; 7501 7502 static int 7503 dissect_kerberos_EncryptedSpakeData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7504 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 7505 EncryptedSpakeData_sequence, hf_index, ett_kerberos_EncryptedSpakeData); 7506 7507 return offset; 7508 } 7509 7510 7511 static const ber_sequence_t EncryptedSpakeResponseData_sequence[] = { 7512 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE }, 7513 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 }, 7514 { &hf_kerberos_cipher , BER_CLASS_CON, 2, 0, dissect_kerberos_OCTET_STRING }, 7515 { NULL, 0, 0, 0, NULL } 7516 }; 7517 7518 static int 7519 dissect_kerberos_EncryptedSpakeResponseData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7520 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 7521 EncryptedSpakeResponseData_sequence, hf_index, ett_kerberos_EncryptedSpakeResponseData); 7522 7523 return offset; 7524 } 7525 7526 7527 static const value_string kerberos_SPAKEGroup_vals[] = { 7528 { 1, "sPAKEGroup-edwards25519" }, 7529 { 2, "sPAKEGroup-P-256" }, 7530 { 3, "sPAKEGroup-P-384" }, 7531 { 4, "sPAKEGroup-P-521" }, 7532 { 0, NULL } 7533 }; 7534 7535 7536 static int 7537 dissect_kerberos_SPAKEGroup(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7538 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, 7539 NULL); 7540 7541 return offset; 7542 } 7543 7544 7545 static const value_string kerberos_SPAKESecondFactorType_vals[] = { 7546 { 1, "sPAKESecondFactor-SF-NONE" }, 7547 { 0, NULL } 7548 }; 7549 7550 7551 static int 7552 dissect_kerberos_SPAKESecondFactorType(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7553 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, 7554 NULL); 7555 7556 return offset; 7557 } 7558 7559 7560 static const ber_sequence_t SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup_sequence_of[1] = { 7561 { &hf_kerberos_groups_item, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_kerberos_SPAKEGroup }, 7562 }; 7563 7564 static int 7565 dissect_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7566 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, 7567 SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup_sequence_of, hf_index, ett_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup); 7568 7569 return offset; 7570 } 7571 7572 7573 static const ber_sequence_t SPAKESupport_sequence[] = { 7574 { &hf_kerberos_groups , BER_CLASS_CON, 0, 0, dissect_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup }, 7575 { NULL, 0, 0, 0, NULL } 7576 }; 7577 7578 static int 7579 dissect_kerberos_SPAKESupport(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7580 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 7581 SPAKESupport_sequence, hf_index, ett_kerberos_SPAKESupport); 7582 7583 return offset; 7584 } 7585 7586 7587 static const ber_sequence_t SPAKESecondFactor_sequence[] = { 7588 { &hf_kerberos_type , BER_CLASS_CON, 0, 0, dissect_kerberos_SPAKESecondFactorType }, 7589 { &hf_kerberos_data , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_OCTET_STRING }, 7590 { NULL, 0, 0, 0, NULL } 7591 }; 7592 7593 static int 7594 dissect_kerberos_SPAKESecondFactor(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7595 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 7596 SPAKESecondFactor_sequence, hf_index, ett_kerberos_SPAKESecondFactor); 7597 7598 return offset; 7599 } 7600 7601 7602 static const ber_sequence_t SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor_sequence_of[1] = { 7603 { &hf_kerberos_factors_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_SPAKESecondFactor }, 7604 }; 7605 7606 static int 7607 dissect_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7608 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, 7609 SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor_sequence_of, hf_index, ett_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor); 7610 7611 return offset; 7612 } 7613 7614 7615 static const ber_sequence_t SPAKEChallenge_sequence[] = { 7616 { &hf_kerberos_group , BER_CLASS_CON, 0, 0, dissect_kerberos_SPAKEGroup }, 7617 { &hf_kerberos_pubkey , BER_CLASS_CON, 1, 0, dissect_kerberos_OCTET_STRING }, 7618 { &hf_kerberos_factors , BER_CLASS_CON, 2, 0, dissect_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor }, 7619 { NULL, 0, 0, 0, NULL } 7620 }; 7621 7622 static int 7623 dissect_kerberos_SPAKEChallenge(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7624 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 7625 SPAKEChallenge_sequence, hf_index, ett_kerberos_SPAKEChallenge); 7626 7627 return offset; 7628 } 7629 7630 7631 static const ber_sequence_t SPAKEResponse_sequence[] = { 7632 { &hf_kerberos_pubkey , BER_CLASS_CON, 0, 0, dissect_kerberos_OCTET_STRING }, 7633 { &hf_kerberos_factor , BER_CLASS_CON, 1, 0, dissect_kerberos_EncryptedSpakeResponseData }, 7634 { NULL, 0, 0, 0, NULL } 7635 }; 7636 7637 static int 7638 dissect_kerberos_SPAKEResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7639 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 7640 SPAKEResponse_sequence, hf_index, ett_kerberos_SPAKEResponse); 7641 7642 return offset; 7643 } 7644 7645 7646 static const value_string kerberos_PA_SPAKE_vals[] = { 7647 { 0, "support" }, 7648 { 1, "challenge" }, 7649 { 2, "response" }, 7650 { 3, "encdata" }, 7651 { 0, NULL } 7652 }; 7653 7654 static const ber_choice_t PA_SPAKE_choice[] = { 7655 { 0, &hf_kerberos_support , BER_CLASS_CON, 0, 0, dissect_kerberos_SPAKESupport }, 7656 { 1, &hf_kerberos_challenge , BER_CLASS_CON, 1, 0, dissect_kerberos_SPAKEChallenge }, 7657 { 2, &hf_kerberos_response , BER_CLASS_CON, 2, 0, dissect_kerberos_SPAKEResponse }, 7658 { 3, &hf_kerberos_encdata , BER_CLASS_CON, 3, 0, dissect_kerberos_EncryptedSpakeData }, 7659 { 0, NULL, 0, 0, 0, NULL } 7660 }; 7661 7662 static int 7663 dissect_kerberos_PA_SPAKE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7664 #line 654 "./asn1/kerberos/kerberos.cnf" 7665 kerberos_private_data_t* private_data = kerberos_get_private_data(actx); 7666 offset = dissect_ber_choice(actx, tree, tvb, offset, 7667 PA_SPAKE_choice, hf_index, ett_kerberos_PA_SPAKE, 7668 &(private_data->padata_type)); 7669 7670 7671 7672 #line 657 "./asn1/kerberos/kerberos.cnf" 7673 if(tree){ 7674 proto_item_append_text(tree, " %s", 7675 val_to_str(private_data->padata_type, kerberos_PA_SPAKE_vals, 7676 "Unknown:%d")); 7677 } 7678 7679 return offset; 7680 } 7681 7682 7683 /*--- End of included file: packet-kerberos-fn.c ---*/ 7684 #line 4154 "./asn1/kerberos/packet-kerberos-template.c" 7685 7686 #ifdef HAVE_KERBEROS 7687 static const ber_sequence_t PA_ENC_TS_ENC_sequence[] = { 7688 { &hf_krb_patimestamp, BER_CLASS_CON, 0, 0, dissect_kerberos_KerberosTime }, 7689 { &hf_krb_pausec , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_Microseconds }, 7690 { NULL, 0, 0, 0, NULL } 7691 }; 7692 7693 static int 7694 dissect_kerberos_PA_ENC_TS_ENC(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7695 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 7696 PA_ENC_TS_ENC_sequence, hf_index, ett_krb_pa_enc_ts_enc); 7697 return offset; 7698 } 7699 7700 static int 7701 dissect_kerberos_T_strengthen_key(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7702 #line 491 "./asn1/kerberos/kerberos.cnf" 7703 kerberos_private_data_t *private_data = kerberos_get_private_data(actx); 7704 gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index; 7705 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn; 7706 private_data->save_encryption_key_parent_hf_index = hf_kerberos_KrbFastResponse; 7707 #ifdef HAVE_KERBEROS 7708 private_data->save_encryption_key_fn = save_KrbFastResponse_strengthen_key; 7709 #endif 7710 offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index); 7711 7712 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index; 7713 private_data->save_encryption_key_fn = saved_encryption_key_fn; 7714 return offset; 7715 } 7716 7717 static const ber_sequence_t KrbFastFinished_sequence[] = { 7718 { &hf_kerberos_timestamp , BER_CLASS_CON, 0, 0, dissect_kerberos_KerberosTime }, 7719 { &hf_kerberos_usec , BER_CLASS_CON, 1, 0, dissect_kerberos_Microseconds }, 7720 { &hf_kerberos_crealm , BER_CLASS_CON, 2, 0, dissect_kerberos_Realm }, 7721 { &hf_kerberos_cname_01 , BER_CLASS_CON, 3, 0, dissect_kerberos_PrincipalName }, 7722 { &hf_kerberos_ticket_checksum, BER_CLASS_CON, 4, 0, dissect_kerberos_Checksum }, 7723 { NULL, 0, 0, 0, NULL } 7724 }; 7725 7726 static int 7727 dissect_kerberos_KrbFastFinished(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7728 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 7729 KrbFastFinished_sequence, hf_index, ett_kerberos_KrbFastFinished); 7730 7731 return offset; 7732 } 7733 7734 static const ber_sequence_t KrbFastResponse_sequence[] = { 7735 { &hf_kerberos_padata , BER_CLASS_CON, 0, 0, dissect_kerberos_SEQUENCE_OF_PA_DATA }, 7736 { &hf_kerberos_strengthen_key, BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_T_strengthen_key }, 7737 { &hf_kerberos_finished , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_KrbFastFinished }, 7738 { &hf_kerberos_nonce , BER_CLASS_CON, 3, 0, dissect_kerberos_UInt32 }, 7739 { NULL, 0, 0, 0, NULL } 7740 }; 7741 7742 static int 7743 dissect_kerberos_KrbFastResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7744 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 7745 KrbFastResponse_sequence, hf_index, ett_kerberos_KrbFastResponse); 7746 7747 return offset; 7748 } 7749 7750 static const ber_sequence_t KrbFastReq_sequence[] = { 7751 { &hf_kerberos_fast_options, BER_CLASS_CON, 0, 0, dissect_kerberos_FastOptions }, 7752 { &hf_kerberos_padata , BER_CLASS_CON, 1, 0, dissect_kerberos_SEQUENCE_OF_PA_DATA }, 7753 { &hf_kerberos_req_body , BER_CLASS_CON, 2, 0, dissect_kerberos_KDC_REQ_BODY }, 7754 { NULL, 0, 0, 0, NULL } 7755 }; 7756 7757 static int 7758 dissect_kerberos_KrbFastReq(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7759 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, 7760 KrbFastReq_sequence, hf_index, ett_kerberos_KrbFastReq); 7761 7762 return offset; 7763 } 7764 7765 static int * const FastOptions_bits[] = { 7766 &hf_kerberos_FastOptions_reserved, 7767 &hf_kerberos_FastOptions_hide_client_names, 7768 &hf_kerberos_FastOptions_spare_bit2, 7769 &hf_kerberos_FastOptions_spare_bit3, 7770 &hf_kerberos_FastOptions_spare_bit4, 7771 &hf_kerberos_FastOptions_spare_bit5, 7772 &hf_kerberos_FastOptions_spare_bit6, 7773 &hf_kerberos_FastOptions_spare_bit7, 7774 &hf_kerberos_FastOptions_spare_bit8, 7775 &hf_kerberos_FastOptions_spare_bit9, 7776 &hf_kerberos_FastOptions_spare_bit10, 7777 &hf_kerberos_FastOptions_spare_bit11, 7778 &hf_kerberos_FastOptions_spare_bit12, 7779 &hf_kerberos_FastOptions_spare_bit13, 7780 &hf_kerberos_FastOptions_spare_bit14, 7781 &hf_kerberos_FastOptions_spare_bit15, 7782 &hf_kerberos_FastOptions_kdc_follow_referrals, 7783 NULL 7784 }; 7785 7786 static int 7787 dissect_kerberos_FastOptions(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { 7788 offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset, 7789 FastOptions_bits, 17, hf_index, ett_kerberos_FastOptions, 7790 NULL); 7791 7792 return offset; 7793 } 7794 7795 #endif /* HAVE_KERBEROS */ 7796 7797 /* Make wrappers around exported functions for now */ 7798 int 7799 dissect_krb5_Checksum(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) 7800 { 7801 return dissect_kerberos_Checksum(FALSE, tvb, offset, actx, tree, hf_kerberos_cksum); 7802 7803 } 7804 7805 int 7806 dissect_krb5_ctime(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) 7807 { 7808 return dissect_kerberos_KerberosTime(FALSE, tvb, offset, actx, tree, hf_kerberos_ctime); 7809 } 7810 7811 7812 int 7813 dissect_krb5_cname(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) 7814 { 7815 return dissect_kerberos_PrincipalName(FALSE, tvb, offset, actx, tree, hf_kerberos_cname); 7816 } 7817 int 7818 dissect_krb5_realm(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) 7819 { 7820 return dissect_kerberos_Realm(FALSE, tvb, offset, actx, tree, hf_kerberos_realm); 7821 } 7822 7823 struct kerberos_display_key_state { 7824 proto_tree *tree; 7825 packet_info *pinfo; 7826 expert_field *expindex; 7827 const char *name; 7828 tvbuff_t *tvb; 7829 gint start; 7830 gint length; 7831 }; 7832 7833 static void 7834 #ifdef HAVE_KERBEROS 7835 kerberos_display_key(gpointer data, gpointer userdata) 7836 #else 7837 kerberos_display_key(gpointer data _U_, gpointer userdata _U_) 7838 #endif 7839 { 7840 #ifdef HAVE_KERBEROS 7841 struct kerberos_display_key_state *state = 7842 (struct kerberos_display_key_state *)userdata; 7843 const enc_key_t *ek = (const enc_key_t *)data; 7844 proto_item *item = NULL; 7845 enc_key_t *sek = NULL; 7846 7847 item = proto_tree_add_expert_format(state->tree, 7848 state->pinfo, 7849 state->expindex, 7850 state->tvb, 7851 state->start, 7852 state->length, 7853 "%s %s keytype %d (id=%s same=%u) (%02x%02x%02x%02x...)", 7854 state->name, 7855 ek->key_origin, ek->keytype, 7856 ek->id_str, ek->num_same, 7857 ek->keyvalue[0] & 0xFF, ek->keyvalue[1] & 0xFF, 7858 ek->keyvalue[2] & 0xFF, ek->keyvalue[3] & 0xFF); 7859 if (ek->src1 != NULL) { 7860 sek = ek->src1; 7861 expert_add_info_format(state->pinfo, 7862 item, 7863 state->expindex, 7864 "SRC1 %s keytype %d (id=%s same=%u) (%02x%02x%02x%02x...)", 7865 sek->key_origin, sek->keytype, 7866 sek->id_str, sek->num_same, 7867 sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF, 7868 sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF); 7869 } 7870 if (ek->src2 != NULL) { 7871 sek = ek->src2; 7872 expert_add_info_format(state->pinfo, 7873 item, 7874 state->expindex, 7875 "SRC2 %s keytype %d (id=%s same=%u) (%02x%02x%02x%02x...)", 7876 sek->key_origin, sek->keytype, 7877 sek->id_str, sek->num_same, 7878 sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF, 7879 sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF); 7880 } 7881 sek = ek->same_list; 7882 while (sek != NULL) { 7883 expert_add_info_format(state->pinfo, 7884 item, 7885 state->expindex, 7886 "%s %s keytype %d (id=%s same=%u) (%02x%02x%02x%02x...)", 7887 state->name, 7888 sek->key_origin, sek->keytype, 7889 sek->id_str, sek->num_same, 7890 sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF, 7891 sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF); 7892 sek = sek->same_list; 7893 } 7894 #endif /* HAVE_KERBEROS */ 7895 } 7896 7897 static const value_string KERB_LOGON_SUBMIT_TYPE[] = { 7898 { 2, "KerbInteractiveLogon" }, 7899 { 6, "KerbSmartCardLogon" }, 7900 { 7, "KerbWorkstationUnlockLogon" }, 7901 { 8, "KerbSmartCardUnlockLogon" }, 7902 { 9, "KerbProxyLogon" }, 7903 { 10, "KerbTicketLogon" }, 7904 { 11, "KerbTicketUnlockLogon" }, 7905 { 12, "KerbS4ULogon" }, 7906 { 13, "KerbCertificateLogon" }, 7907 { 14, "KerbCertificateS4ULogon" }, 7908 { 15, "KerbCertificateUnlockLogon" }, 7909 { 0, NULL } 7910 }; 7911 7912 7913 #define KERB_LOGON_FLAG_ALLOW_EXPIRED_TICKET 0x1 7914 #define KERB_LOGON_FLAG_REDIRECTED 0x2 7915 7916 static int* const ktl_flags_bits[] = { 7917 &hf_kerberos_KERB_TICKET_LOGON_FLAG_ALLOW_EXPIRED_TICKET, 7918 &hf_kerberos_KERB_TICKET_LOGON_FLAG_REDIRECTED, 7919 NULL 7920 }; 7921 7922 int 7923 dissect_kerberos_KERB_TICKET_LOGON(tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree) 7924 { 7925 proto_item *item; 7926 proto_tree *subtree; 7927 guint32 ServiceTicketLength; 7928 guint32 TicketGrantingTicketLength; 7929 int orig_offset; 7930 7931 if (tvb_captured_length(tvb) < 32) 7932 return offset; 7933 7934 item = proto_tree_add_item(tree, hf_kerberos_KERB_TICKET_LOGON, tvb, offset, -1, ENC_NA); 7935 subtree = proto_item_add_subtree(item, ett_kerberos_KERB_TICKET_LOGON); 7936 7937 proto_tree_add_item(subtree, hf_kerberos_KERB_TICKET_LOGON_MessageType, tvb, offset, 4, 7938 ENC_LITTLE_ENDIAN); 7939 offset+=4; 7940 7941 proto_tree_add_bitmask(subtree, tvb, offset, hf_kerberos_KERB_TICKET_LOGON_Flags, 7942 ett_kerberos, ktl_flags_bits, ENC_LITTLE_ENDIAN); 7943 offset+=4; 7944 7945 ServiceTicketLength = tvb_get_letohl(tvb, offset); 7946 proto_tree_add_item(subtree, hf_kerberos_KERB_TICKET_LOGON_ServiceTicketLength, tvb, 7947 offset, 4, ENC_LITTLE_ENDIAN); 7948 offset+=4; 7949 7950 TicketGrantingTicketLength = tvb_get_letohl(tvb, offset); 7951 proto_tree_add_item(subtree, hf_kerberos_KERB_TICKET_LOGON_TicketGrantingTicketLength, 7952 tvb, offset, 4, ENC_LITTLE_ENDIAN); 7953 offset+=4; 7954 7955 /* Skip two PUCHAR of ServiceTicket and TicketGrantingTicket */ 7956 offset+=16; 7957 7958 if (ServiceTicketLength == 0) 7959 return offset; 7960 7961 orig_offset = offset; 7962 offset = dissect_kerberos_Ticket(FALSE, tvb, offset, actx, subtree, 7963 hf_kerberos_KERB_TICKET_LOGON_ServiceTicket); 7964 7965 if ((unsigned)(offset-orig_offset) != ServiceTicketLength) 7966 return offset; 7967 7968 if (TicketGrantingTicketLength == 0) 7969 return offset; 7970 7971 offset = dissect_kerberos_KRB_CRED(FALSE, tvb, offset, actx, subtree, 7972 hf_kerberos_KERB_TICKET_LOGON_TicketGrantingTicket); 7973 7974 if ((unsigned)(offset-orig_offset) != ServiceTicketLength + TicketGrantingTicketLength) 7975 return offset; 7976 7977 return offset; 7978 } 7979 7980 static gint 7981 dissect_kerberos_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, 7982 gboolean dci, gboolean do_col_protocol, gboolean have_rm, 7983 kerberos_callbacks *cb) 7984 { 7985 volatile int offset = 0; 7986 proto_tree *volatile kerberos_tree = NULL; 7987 proto_item *volatile item = NULL; 7988 kerberos_private_data_t *private_data = NULL; 7989 asn1_ctx_t asn1_ctx; 7990 7991 /* TCP record mark and length */ 7992 guint32 krb_rm = 0; 7993 gint krb_reclen = 0; 7994 7995 gbl_do_col_info=dci; 7996 7997 if (have_rm) { 7998 krb_rm = tvb_get_ntohl(tvb, offset); 7999 krb_reclen = kerberos_rm_to_reclen(krb_rm); 8000 /* 8001 * What is a reasonable size limit? 8002 */ 8003 if (krb_reclen > 10 * 1024 * 1024) { 8004 return (-1); 8005 } 8006 8007 if (do_col_protocol) { 8008 col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5"); 8009 } 8010 8011 if (tree) { 8012 item = proto_tree_add_item(tree, proto_kerberos, tvb, 0, -1, ENC_NA); 8013 kerberos_tree = proto_item_add_subtree(item, ett_kerberos); 8014 } 8015 8016 show_krb_recordmark(kerberos_tree, tvb, offset, krb_rm); 8017 offset += 4; 8018 } else { 8019 /* Do some sanity checking here, 8020 * All krb5 packets start with a TAG class that is BER_CLASS_APP 8021 * and a tag value that is either of the values below: 8022 * If it doesn't look like kerberos, return 0 and let someone else have 8023 * a go at it. 8024 */ 8025 gint8 tmp_class; 8026 gboolean tmp_pc; 8027 gint32 tmp_tag; 8028 8029 get_ber_identifier(tvb, offset, &tmp_class, &tmp_pc, &tmp_tag); 8030 if(tmp_class!=BER_CLASS_APP){ 8031 return 0; 8032 } 8033 switch(tmp_tag){ 8034 case KRB5_MSG_TICKET: 8035 case KRB5_MSG_AUTHENTICATOR: 8036 case KRB5_MSG_ENC_TICKET_PART: 8037 case KRB5_MSG_AS_REQ: 8038 case KRB5_MSG_AS_REP: 8039 case KRB5_MSG_TGS_REQ: 8040 case KRB5_MSG_TGS_REP: 8041 case KRB5_MSG_AP_REQ: 8042 case KRB5_MSG_AP_REP: 8043 case KRB5_MSG_ENC_AS_REP_PART: 8044 case KRB5_MSG_ENC_TGS_REP_PART: 8045 case KRB5_MSG_ENC_AP_REP_PART: 8046 case KRB5_MSG_ENC_KRB_PRIV_PART: 8047 case KRB5_MSG_ENC_KRB_CRED_PART: 8048 case KRB5_MSG_SAFE: 8049 case KRB5_MSG_PRIV: 8050 case KRB5_MSG_ERROR: 8051 break; 8052 default: 8053 return 0; 8054 } 8055 if (do_col_protocol) { 8056 col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5"); 8057 } 8058 if (gbl_do_col_info) { 8059 col_clear(pinfo->cinfo, COL_INFO); 8060 } 8061 if (tree) { 8062 item = proto_tree_add_item(tree, proto_kerberos, tvb, 0, -1, ENC_NA); 8063 kerberos_tree = proto_item_add_subtree(item, ett_kerberos); 8064 } 8065 } 8066 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); 8067 asn1_ctx.private_data = NULL; 8068 private_data = kerberos_get_private_data(&asn1_ctx); 8069 private_data->callbacks = cb; 8070 8071 TRY { 8072 offset=dissect_kerberos_Applications(FALSE, tvb, offset, &asn1_ctx , kerberos_tree, /* hf_index */ -1); 8073 } CATCH_BOUNDS_ERRORS { 8074 RETHROW; 8075 } ENDTRY; 8076 8077 if (kerberos_tree != NULL) { 8078 struct kerberos_display_key_state display_state = { 8079 .tree = kerberos_tree, 8080 .pinfo = pinfo, 8081 .expindex = &ei_kerberos_learnt_keytype, 8082 .name = "Provides", 8083 .tvb = tvb, 8084 }; 8085 8086 wmem_list_foreach(private_data->learnt_keys, 8087 kerberos_display_key, 8088 &display_state); 8089 } 8090 8091 if (kerberos_tree != NULL) { 8092 struct kerberos_display_key_state display_state = { 8093 .tree = kerberos_tree, 8094 .pinfo = pinfo, 8095 .expindex = &ei_kerberos_missing_keytype, 8096 .name = "Missing", 8097 .tvb = tvb, 8098 }; 8099 8100 wmem_list_foreach(private_data->missing_keys, 8101 kerberos_display_key, 8102 &display_state); 8103 } 8104 8105 if (kerberos_tree != NULL) { 8106 struct kerberos_display_key_state display_state = { 8107 .tree = kerberos_tree, 8108 .pinfo = pinfo, 8109 .expindex = &ei_kerberos_decrypted_keytype, 8110 .name = "Used", 8111 .tvb = tvb, 8112 }; 8113 8114 wmem_list_foreach(private_data->decryption_keys, 8115 kerberos_display_key, 8116 &display_state); 8117 } 8118 8119 proto_item_set_len(item, offset); 8120 return offset; 8121 } 8122 8123 /* 8124 * Display the TCP record mark. 8125 */ 8126 void 8127 show_krb_recordmark(proto_tree *tree, tvbuff_t *tvb, gint start, guint32 krb_rm) 8128 { 8129 gint rec_len; 8130 proto_tree *rm_tree; 8131 8132 if (tree == NULL) 8133 return; 8134 8135 rec_len = kerberos_rm_to_reclen(krb_rm); 8136 rm_tree = proto_tree_add_subtree_format(tree, tvb, start, 4, ett_krb_recordmark, NULL, 8137 "Record Mark: %u %s", rec_len, plurality(rec_len, "byte", "bytes")); 8138 proto_tree_add_boolean(rm_tree, hf_krb_rm_reserved, tvb, start, 4, krb_rm); 8139 proto_tree_add_uint(rm_tree, hf_krb_rm_reclen, tvb, start, 4, krb_rm); 8140 } 8141 8142 gint 8143 dissect_kerberos_main(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int do_col_info, kerberos_callbacks *cb) 8144 { 8145 return (dissect_kerberos_common(tvb, pinfo, tree, do_col_info, FALSE, FALSE, cb)); 8146 } 8147 8148 guint32 8149 kerberos_output_keytype(void) 8150 { 8151 return gbl_keytype; 8152 } 8153 8154 static gint 8155 dissect_kerberos_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) 8156 { 8157 /* Some weird kerberos implementation apparently do krb4 on the krb5 port. 8158 Since all (except weirdo transarc krb4 stuff) use 8159 an opcode <=16 in the first byte, use this to see if it might 8160 be krb4. 8161 All krb5 commands start with an APPL tag and thus is >=0x60 8162 so if first byte is <=16 just blindly assume it is krb4 then 8163 */ 8164 if(tvb_captured_length(tvb) >= 1 && tvb_get_guint8(tvb, 0)<=0x10){ 8165 if(krb4_handle){ 8166 gboolean res; 8167 8168 res=call_dissector_only(krb4_handle, tvb, pinfo, tree, NULL); 8169 return res; 8170 }else{ 8171 return 0; 8172 } 8173 } 8174 8175 8176 return dissect_kerberos_common(tvb, pinfo, tree, TRUE, TRUE, FALSE, NULL); 8177 } 8178 8179 gint 8180 kerberos_rm_to_reclen(guint krb_rm) 8181 { 8182 return (krb_rm & KRB_RM_RECLEN); 8183 } 8184 8185 guint 8186 get_krb_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset, void *data _U_) 8187 { 8188 guint krb_rm; 8189 gint pdulen; 8190 8191 krb_rm = tvb_get_ntohl(tvb, offset); 8192 pdulen = kerberos_rm_to_reclen(krb_rm); 8193 return (pdulen + 4); 8194 } 8195 static void 8196 kerberos_prefs_apply_cb(void) { 8197 #ifdef HAVE_LIBNETTLE 8198 clear_keytab(); 8199 read_keytab_file(keytab_filename); 8200 #endif 8201 } 8202 8203 static int 8204 dissect_kerberos_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) 8205 { 8206 pinfo->fragmented = TRUE; 8207 if (dissect_kerberos_common(tvb, pinfo, tree, TRUE, TRUE, TRUE, NULL) < 0) { 8208 /* 8209 * The dissector failed to recognize this as a valid 8210 * Kerberos message. Mark it as a continuation packet. 8211 */ 8212 col_set_str(pinfo->cinfo, COL_INFO, "Continuation"); 8213 } 8214 8215 return tvb_captured_length(tvb); 8216 } 8217 8218 static int 8219 dissect_kerberos_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data) 8220 { 8221 col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5"); 8222 col_clear(pinfo->cinfo, COL_INFO); 8223 8224 tcp_dissect_pdus(tvb, pinfo, tree, krb_desegment, 4, get_krb_pdu_len, 8225 dissect_kerberos_tcp_pdu, data); 8226 return tvb_captured_length(tvb); 8227 } 8228 8229 /*--- proto_register_kerberos -------------------------------------------*/ 8230 void proto_register_kerberos(void) { 8231 8232 /* List of fields */ 8233 8234 static hf_register_info hf[] = { 8235 { &hf_krb_rm_reserved, { 8236 "Reserved", "kerberos.rm.reserved", FT_BOOLEAN, 32, 8237 TFS(&tfs_set_notset), KRB_RM_RESERVED, "Record mark reserved bit", HFILL }}, 8238 { &hf_krb_rm_reclen, { 8239 "Record Length", "kerberos.rm.length", FT_UINT32, BASE_DEC, 8240 NULL, KRB_RM_RECLEN, NULL, HFILL }}, 8241 { &hf_krb_provsrv_location, { 8242 "PROVSRV Location", "kerberos.provsrv_location", FT_STRING, BASE_NONE, 8243 NULL, 0, "PacketCable PROV SRV Location", HFILL }}, 8244 { &hf_krb_pw_salt, 8245 { "pw-salt", "kerberos.pw_salt", FT_BYTES, BASE_NONE, 8246 NULL, 0, NULL, HFILL }}, 8247 { &hf_krb_ext_error_nt_status, /* we keep kerberos.smb.nt_status for compat reasons */ 8248 { "NT Status", "kerberos.smb.nt_status", FT_UINT32, BASE_HEX, 8249 VALS(NT_errors), 0, "NT Status code", HFILL }}, 8250 { &hf_krb_ext_error_reserved, 8251 { "Reserved", "kerberos.ext_error.reserved", FT_UINT32, BASE_HEX, 8252 NULL, 0, NULL, HFILL }}, 8253 { &hf_krb_ext_error_flags, 8254 { "Flags", "kerberos.ext_error.flags", FT_UINT32, BASE_HEX, 8255 NULL, 0, NULL, HFILL }}, 8256 { &hf_krb_address_ip, { 8257 "IP Address", "kerberos.addr_ip", FT_IPv4, BASE_NONE, 8258 NULL, 0, NULL, HFILL }}, 8259 { &hf_krb_address_ipv6, { 8260 "IPv6 Address", "kerberos.addr_ipv6", FT_IPv6, BASE_NONE, 8261 NULL, 0, NULL, HFILL }}, 8262 { &hf_krb_address_netbios, { 8263 "NetBIOS Address", "kerberos.addr_nb", FT_STRING, BASE_NONE, 8264 NULL, 0, "NetBIOS Address and type", HFILL }}, 8265 { &hf_krb_gssapi_len, { 8266 "Length", "kerberos.gssapi.len", FT_UINT32, BASE_DEC, 8267 NULL, 0, "Length of GSSAPI Bnd field", HFILL }}, 8268 { &hf_krb_gssapi_bnd, { 8269 "Bnd", "kerberos.gssapi.bdn", FT_BYTES, BASE_NONE, 8270 NULL, 0, "GSSAPI Bnd field", HFILL }}, 8271 { &hf_krb_gssapi_c_flag_deleg, { 8272 "Deleg", "kerberos.gssapi.checksum.flags.deleg", FT_BOOLEAN, 32, 8273 TFS(&tfs_gss_flags_deleg), KRB5_GSS_C_DELEG_FLAG, NULL, HFILL }}, 8274 { &hf_krb_gssapi_c_flag_mutual, { 8275 "Mutual", "kerberos.gssapi.checksum.flags.mutual", FT_BOOLEAN, 32, 8276 TFS(&tfs_gss_flags_mutual), KRB5_GSS_C_MUTUAL_FLAG, NULL, HFILL }}, 8277 { &hf_krb_gssapi_c_flag_replay, { 8278 "Replay", "kerberos.gssapi.checksum.flags.replay", FT_BOOLEAN, 32, 8279 TFS(&tfs_gss_flags_replay), KRB5_GSS_C_REPLAY_FLAG, NULL, HFILL }}, 8280 { &hf_krb_gssapi_c_flag_sequence, { 8281 "Sequence", "kerberos.gssapi.checksum.flags.sequence", FT_BOOLEAN, 32, 8282 TFS(&tfs_gss_flags_sequence), KRB5_GSS_C_SEQUENCE_FLAG, NULL, HFILL }}, 8283 { &hf_krb_gssapi_c_flag_conf, { 8284 "Conf", "kerberos.gssapi.checksum.flags.conf", FT_BOOLEAN, 32, 8285 TFS(&tfs_gss_flags_conf), KRB5_GSS_C_CONF_FLAG, NULL, HFILL }}, 8286 { &hf_krb_gssapi_c_flag_integ, { 8287 "Integ", "kerberos.gssapi.checksum.flags.integ", FT_BOOLEAN, 32, 8288 TFS(&tfs_gss_flags_integ), KRB5_GSS_C_INTEG_FLAG, NULL, HFILL }}, 8289 { &hf_krb_gssapi_c_flag_dce_style, { 8290 "DCE-style", "kerberos.gssapi.checksum.flags.dce-style", FT_BOOLEAN, 32, 8291 TFS(&tfs_gss_flags_dce_style), KRB5_GSS_C_DCE_STYLE, NULL, HFILL }}, 8292 { &hf_krb_gssapi_dlgopt, { 8293 "DlgOpt", "kerberos.gssapi.dlgopt", FT_UINT16, BASE_DEC, 8294 NULL, 0, "GSSAPI DlgOpt", HFILL }}, 8295 { &hf_krb_gssapi_dlglen, { 8296 "DlgLen", "kerberos.gssapi.dlglen", FT_UINT16, BASE_DEC, 8297 NULL, 0, "GSSAPI DlgLen", HFILL }}, 8298 { &hf_krb_midl_blob_len, { 8299 "Blob Length", "kerberos.midl_blob_len", FT_UINT64, BASE_DEC, 8300 NULL, 0, "Length of NDR encoded data that follows", HFILL }}, 8301 { &hf_krb_midl_fill_bytes, { 8302 "Fill bytes", "kerberos.midl.fill_bytes", FT_UINT32, BASE_HEX, 8303 NULL, 0, "Just some fill bytes", HFILL }}, 8304 { &hf_krb_midl_version, { 8305 "Version", "kerberos.midl.version", FT_UINT8, BASE_DEC, 8306 NULL, 0, "Version of pickling", HFILL }}, 8307 { &hf_krb_midl_hdr_len, { 8308 "HDR Length", "kerberos.midl.hdr_len", FT_UINT16, BASE_DEC, 8309 NULL, 0, "Length of header", HFILL }}, 8310 { &hf_krb_pac_signature_type, { 8311 "Type", "kerberos.pac.signature.type", FT_INT32, BASE_DEC, 8312 NULL, 0, "PAC Signature Type", HFILL }}, 8313 { &hf_krb_pac_signature_signature, { 8314 "Signature", "kerberos.pac.signature.signature", FT_BYTES, BASE_NONE, 8315 NULL, 0, "A PAC signature blob", HFILL }}, 8316 { &hf_krb_w2k_pac_entries, { 8317 "Num Entries", "kerberos.pac.entries", FT_UINT32, BASE_DEC, 8318 NULL, 0, "Number of W2k PAC entries", HFILL }}, 8319 { &hf_krb_w2k_pac_version, { 8320 "Version", "kerberos.pac.version", FT_UINT32, BASE_DEC, 8321 NULL, 0, "Version of PAC structures", HFILL }}, 8322 { &hf_krb_w2k_pac_type, { 8323 "Type", "kerberos.pac.type", FT_UINT32, BASE_DEC, 8324 VALS(w2k_pac_types), 0, "Type of W2k PAC entry", HFILL }}, 8325 { &hf_krb_w2k_pac_size, { 8326 "Size", "kerberos.pac.size", FT_UINT32, BASE_DEC, 8327 NULL, 0, "Size of W2k PAC entry", HFILL }}, 8328 { &hf_krb_w2k_pac_offset, { 8329 "Offset", "kerberos.pac.offset", FT_UINT32, BASE_DEC, 8330 NULL, 0, "Offset to W2k PAC entry", HFILL }}, 8331 { &hf_krb_pac_clientid, { 8332 "ClientID", "kerberos.pac.clientid", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, 8333 NULL, 0, "ClientID Timestamp", HFILL }}, 8334 { &hf_krb_pac_namelen, { 8335 "Name Length", "kerberos.pac.namelen", FT_UINT16, BASE_DEC, 8336 NULL, 0, "Length of client name", HFILL }}, 8337 { &hf_krb_pac_clientname, { 8338 "Name", "kerberos.pac.name", FT_STRING, BASE_NONE, 8339 NULL, 0, "Name of the Client in the PAC structure", HFILL }}, 8340 { &hf_krb_pac_logon_info, { 8341 "PAC_LOGON_INFO", "kerberos.pac_logon_info", FT_BYTES, BASE_NONE, 8342 NULL, 0, "PAC_LOGON_INFO structure", HFILL }}, 8343 { &hf_krb_pac_credential_data, { 8344 "PAC_CREDENTIAL_DATA", "kerberos.pac_credential_data", FT_BYTES, BASE_NONE, 8345 NULL, 0, "PAC_CREDENTIAL_DATA structure", HFILL }}, 8346 { &hf_krb_pac_credential_info, { 8347 "PAC_CREDENTIAL_INFO", "kerberos.pac_credential_info", FT_BYTES, BASE_NONE, 8348 NULL, 0, "PAC_CREDENTIAL_INFO structure", HFILL }}, 8349 { &hf_krb_pac_credential_info_version, { 8350 "Version", "kerberos.pac_credential_info.version", FT_UINT32, BASE_DEC, 8351 NULL, 0, NULL, HFILL }}, 8352 { &hf_krb_pac_credential_info_etype, { 8353 "Etype", "kerberos.pac_credential_info.etype", FT_UINT32, BASE_DEC, 8354 NULL, 0, NULL, HFILL }}, 8355 { &hf_krb_pac_server_checksum, { 8356 "PAC_SERVER_CHECKSUM", "kerberos.pac_server_checksum", FT_BYTES, BASE_NONE, 8357 NULL, 0, "PAC_SERVER_CHECKSUM structure", HFILL }}, 8358 { &hf_krb_pac_privsvr_checksum, { 8359 "PAC_PRIVSVR_CHECKSUM", "kerberos.pac_privsvr_checksum", FT_BYTES, BASE_NONE, 8360 NULL, 0, "PAC_PRIVSVR_CHECKSUM structure", HFILL }}, 8361 { &hf_krb_pac_client_info_type, { 8362 "PAC_CLIENT_INFO_TYPE", "kerberos.pac_client_info_type", FT_BYTES, BASE_NONE, 8363 NULL, 0, "PAC_CLIENT_INFO_TYPE structure", HFILL }}, 8364 { &hf_krb_pac_s4u_delegation_info, { 8365 "PAC_S4U_DELEGATION_INFO", "kerberos.pac_s4u_delegation_info", FT_BYTES, BASE_NONE, 8366 NULL, 0, "PAC_S4U_DELEGATION_INFO structure", HFILL }}, 8367 { &hf_krb_pac_upn_dns_info, { 8368 "UPN_DNS_INFO", "kerberos.pac_upn_dns_info", FT_BYTES, BASE_NONE, 8369 NULL, 0, "UPN_DNS_INFO structure", HFILL }}, 8370 { &hf_krb_pac_upn_flags, { 8371 "Flags", "kerberos.pac.upn.flags", FT_UINT32, BASE_HEX, 8372 NULL, 0, "UPN flags", HFILL }}, 8373 { &hf_krb_pac_upn_dns_offset, { 8374 "DNS Offset", "kerberos.pac.upn.dns_offset", FT_UINT16, BASE_DEC, 8375 NULL, 0, NULL, HFILL }}, 8376 { &hf_krb_pac_upn_dns_len, { 8377 "DNS Len", "kerberos.pac.upn.dns_len", FT_UINT16, BASE_DEC, 8378 NULL, 0, NULL, HFILL }}, 8379 { &hf_krb_pac_upn_upn_offset, { 8380 "UPN Offset", "kerberos.pac.upn.upn_offset", FT_UINT16, BASE_DEC, 8381 NULL, 0, NULL, HFILL }}, 8382 { &hf_krb_pac_upn_upn_len, { 8383 "UPN Len", "kerberos.pac.upn.upn_len", FT_UINT16, BASE_DEC, 8384 NULL, 0, NULL, HFILL }}, 8385 { &hf_krb_pac_upn_upn_name, { 8386 "UPN Name", "kerberos.pac.upn.upn_name", FT_STRING, BASE_NONE, 8387 NULL, 0, NULL, HFILL }}, 8388 { &hf_krb_pac_upn_dns_name, { 8389 "DNS Name", "kerberos.pac.upn.dns_name", FT_STRING, BASE_NONE, 8390 NULL, 0, NULL, HFILL }}, 8391 { &hf_krb_pac_client_claims_info, { 8392 "PAC_CLIENT_CLAIMS_INFO", "kerberos.pac_client_claims_info", FT_BYTES, BASE_NONE, 8393 NULL, 0, "PAC_CLIENT_CLAIMS_INFO structure", HFILL }}, 8394 { &hf_krb_pac_device_info, { 8395 "PAC_DEVICE_INFO", "kerberos.pac_device_info", FT_BYTES, BASE_NONE, 8396 NULL, 0, "PAC_DEVICE_INFO structure", HFILL }}, 8397 { &hf_krb_pac_device_claims_info, { 8398 "PAC_DEVICE_CLAIMS_INFO", "kerberos.pac_device_claims_info", FT_BYTES, BASE_NONE, 8399 NULL, 0, "PAC_DEVICE_CLAIMS_INFO structure", HFILL }}, 8400 { &hf_krb_pac_ticket_checksum, { 8401 "PAC_TICKET_CHECKSUM", "kerberos.pac_ticket_checksum", FT_BYTES, BASE_NONE, 8402 NULL, 0, "PAC_TICKET_CHECKSUM structure", HFILL }}, 8403 { &hf_krb_pa_supported_enctypes, 8404 { "SupportedEnctypes", "kerberos.supported_entypes", 8405 FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }}, 8406 { &hf_krb_pa_supported_enctypes_des_cbc_crc, 8407 { "des-cbc-crc", "kerberos.supported_entypes.des-cbc-crc", 8408 FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00000001, NULL, HFILL }}, 8409 { &hf_krb_pa_supported_enctypes_des_cbc_md5, 8410 { "des-cbc-md5", "kerberos.supported_entypes.des-cbc-md5", 8411 FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00000002, NULL, HFILL }}, 8412 { &hf_krb_pa_supported_enctypes_rc4_hmac, 8413 { "rc4-hmac", "kerberos.supported_entypes.rc4-hmac", 8414 FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00000004, NULL, HFILL }}, 8415 { &hf_krb_pa_supported_enctypes_aes128_cts_hmac_sha1_96, 8416 { "aes128-cts-hmac-sha1-96", "kerberos.supported_entypes.aes128-cts-hmac-sha1-96", 8417 FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00000008, NULL, HFILL }}, 8418 { &hf_krb_pa_supported_enctypes_aes256_cts_hmac_sha1_96, 8419 { "aes256-cts-hmac-sha1-96", "kerberos.supported_entypes.aes256-cts-hmac-sha1-96", 8420 FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00000010, NULL, HFILL }}, 8421 { &hf_krb_pa_supported_enctypes_fast_supported, 8422 { "fast-supported", "kerberos.supported_entypes.fast-supported", 8423 FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00010000, NULL, HFILL }}, 8424 { &hf_krb_pa_supported_enctypes_compound_identity_supported, 8425 { "compound-identity-supported", "kerberos.supported_entypes.compound-identity-supported", 8426 FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00020000, NULL, HFILL }}, 8427 { &hf_krb_pa_supported_enctypes_claims_supported, 8428 { "claims-supported", "kerberos.supported_entypes.claims-supported", 8429 FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00040000, NULL, HFILL }}, 8430 { &hf_krb_pa_supported_enctypes_resource_sid_compression_disabled, 8431 { "resource-sid-compression-disabled", "kerberos.supported_entypes.resource-sid-compression-disabled", 8432 FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00080000, NULL, HFILL }}, 8433 { &hf_krb_ad_ap_options, 8434 { "AD-AP-Options", "kerberos.ad_ap_options", 8435 FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }}, 8436 { &hf_krb_ad_ap_options_cbt, 8437 { "ChannelBindings", "kerberos.ad_ap_options.cbt", 8438 FT_BOOLEAN, 32, TFS(&tfs_set_notset), 0x00004000, NULL, HFILL }}, 8439 { &hf_krb_ad_target_principal, 8440 { "Target Principal", "kerberos.ad_target_principal", 8441 FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }}, 8442 { &hf_krb_key_hidden_item, 8443 { "KeyHiddenItem", "krb5.key_hidden_item", 8444 FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }}, 8445 { &hf_kerberos_KERB_TICKET_LOGON, 8446 { "KERB_TICKET_LOGON", "kerberos.KERB_TICKET_LOGON", 8447 FT_NONE, BASE_NONE, NULL, 0, 8448 NULL, HFILL }}, 8449 { &hf_kerberos_KERB_TICKET_LOGON_MessageType, 8450 { "MessageType", "kerberos.KERB_TICKET_LOGON.MessageType", 8451 FT_UINT32, BASE_DEC, VALS(KERB_LOGON_SUBMIT_TYPE), 0, 8452 NULL, HFILL }}, 8453 { &hf_kerberos_KERB_TICKET_LOGON_Flags, 8454 { "Flags", "kerberos.KERB_TICKET_LOGON.Flags", 8455 FT_UINT32, BASE_DEC, NULL, 0, 8456 NULL, HFILL }}, 8457 { &hf_kerberos_KERB_TICKET_LOGON_ServiceTicketLength, 8458 { "ServiceTicketLength", "kerberos.KERB_TICKET_LOGON.ServiceTicketLength", 8459 FT_UINT32, BASE_DEC, NULL, 0, 8460 NULL, HFILL }}, 8461 { &hf_kerberos_KERB_TICKET_LOGON_TicketGrantingTicketLength, 8462 { "TicketGrantingTicketLength", "kerberos.KERB_TICKET_LOGON.TicketGrantingTicketLength", 8463 FT_UINT32, BASE_DEC, NULL, 0, 8464 NULL, HFILL }}, 8465 { &hf_kerberos_KERB_TICKET_LOGON_ServiceTicket, 8466 { "ServiceTicket", "kerberos.KERB_TICKET_LOGON.ServiceTicket", 8467 FT_NONE, BASE_NONE, NULL, 0, 8468 NULL, HFILL }}, 8469 { &hf_kerberos_KERB_TICKET_LOGON_TicketGrantingTicket, 8470 { "TicketGrantingTicket", "kerberos.KERB_TICKET_LOGON.TicketGrantingTicket", 8471 FT_NONE, BASE_NONE, NULL, 0, 8472 NULL, HFILL }}, 8473 { &hf_kerberos_KERB_TICKET_LOGON_FLAG_ALLOW_EXPIRED_TICKET, 8474 { "allow_expired_ticket", "kerberos.KERB_TICKET_LOGON.FLAG_ALLOW_EXPIRED_TICKET", 8475 FT_BOOLEAN, 32, NULL, KERB_LOGON_FLAG_ALLOW_EXPIRED_TICKET, 8476 NULL, HFILL }}, 8477 { &hf_kerberos_KERB_TICKET_LOGON_FLAG_REDIRECTED, 8478 { "redirected", "kerberos.KERB_TICKET_LOGON.FLAG_REDIRECTED", 8479 FT_BOOLEAN, 32, NULL, KERB_LOGON_FLAG_REDIRECTED, 8480 NULL, HFILL }}, 8481 #ifdef HAVE_KERBEROS 8482 { &hf_kerberos_KrbFastResponse, 8483 { "KrbFastResponse", "kerberos.KrbFastResponse_element", 8484 FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, 8485 { &hf_kerberos_strengthen_key, 8486 { "strengthen-key", "kerberos.strengthen_key_element", 8487 FT_NONE, BASE_NONE, NULL, 0, 8488 NULL, HFILL }}, 8489 { &hf_kerberos_finished, 8490 { "finished", "kerberos.finished_element", 8491 FT_NONE, BASE_NONE, NULL, 0, 8492 "KrbFastFinished", HFILL }}, 8493 { &hf_kerberos_fast_options, 8494 { "fast-options", "kerberos.fast_options", 8495 FT_BYTES, BASE_NONE, NULL, 0, 8496 "FastOptions", HFILL }}, 8497 { &hf_kerberos_FastOptions_reserved, 8498 { "reserved", "kerberos.FastOptions.reserved", 8499 FT_BOOLEAN, 8, NULL, 0x80, 8500 NULL, HFILL }}, 8501 { &hf_kerberos_FastOptions_hide_client_names, 8502 { "hide-client-names", "kerberos.FastOptions.hide.client.names", 8503 FT_BOOLEAN, 8, NULL, 0x40, 8504 NULL, HFILL }}, 8505 { &hf_kerberos_FastOptions_spare_bit2, 8506 { "spare_bit2", "kerberos.FastOptions.spare.bit2", 8507 FT_BOOLEAN, 8, NULL, 0x20, 8508 NULL, HFILL }}, 8509 { &hf_kerberos_FastOptions_spare_bit3, 8510 { "spare_bit3", "kerberos.FastOptions.spare.bit3", 8511 FT_BOOLEAN, 8, NULL, 0x10, 8512 NULL, HFILL }}, 8513 { &hf_kerberos_FastOptions_spare_bit4, 8514 { "spare_bit4", "kerberos.FastOptions.spare.bit4", 8515 FT_BOOLEAN, 8, NULL, 0x08, 8516 NULL, HFILL }}, 8517 { &hf_kerberos_FastOptions_spare_bit5, 8518 { "spare_bit5", "kerberos.FastOptions.spare.bit5", 8519 FT_BOOLEAN, 8, NULL, 0x04, 8520 NULL, HFILL }}, 8521 { &hf_kerberos_FastOptions_spare_bit6, 8522 { "spare_bit6", "kerberos.FastOptions.spare.bit6", 8523 FT_BOOLEAN, 8, NULL, 0x02, 8524 NULL, HFILL }}, 8525 { &hf_kerberos_FastOptions_spare_bit7, 8526 { "spare_bit7", "kerberos.FastOptions.spare.bit7", 8527 FT_BOOLEAN, 8, NULL, 0x01, 8528 NULL, HFILL }}, 8529 { &hf_kerberos_FastOptions_spare_bit8, 8530 { "spare_bit8", "kerberos.FastOptions.spare.bit8", 8531 FT_BOOLEAN, 8, NULL, 0x80, 8532 NULL, HFILL }}, 8533 { &hf_kerberos_FastOptions_spare_bit9, 8534 { "spare_bit9", "kerberos.FastOptions.spare.bit9", 8535 FT_BOOLEAN, 8, NULL, 0x40, 8536 NULL, HFILL }}, 8537 { &hf_kerberos_FastOptions_spare_bit10, 8538 { "spare_bit10", "kerberos.FastOptions.spare.bit10", 8539 FT_BOOLEAN, 8, NULL, 0x20, 8540 NULL, HFILL }}, 8541 { &hf_kerberos_FastOptions_spare_bit11, 8542 { "spare_bit11", "kerberos.FastOptions.spare.bit11", 8543 FT_BOOLEAN, 8, NULL, 0x10, 8544 NULL, HFILL }}, 8545 { &hf_kerberos_FastOptions_spare_bit12, 8546 { "spare_bit12", "kerberos.FastOptions.spare.bit12", 8547 FT_BOOLEAN, 8, NULL, 0x08, 8548 NULL, HFILL }}, 8549 { &hf_kerberos_FastOptions_spare_bit13, 8550 { "spare_bit13", "kerberos.FastOptions.spare.bit13", 8551 FT_BOOLEAN, 8, NULL, 0x04, 8552 NULL, HFILL }}, 8553 { &hf_kerberos_FastOptions_spare_bit14, 8554 { "spare_bit14", "kerberos.FastOptions.spare.bit14", 8555 FT_BOOLEAN, 8, NULL, 0x02, 8556 NULL, HFILL }}, 8557 { &hf_kerberos_FastOptions_spare_bit15, 8558 { "spare_bit15", "kerberos.FastOptions.spare.bit15", 8559 FT_BOOLEAN, 8, NULL, 0x01, 8560 NULL, HFILL }}, 8561 { &hf_kerberos_FastOptions_kdc_follow_referrals, 8562 { "kdc-follow-referrals", "kerberos.FastOptions.kdc.follow.referrals", 8563 FT_BOOLEAN, 8, NULL, 0x80, 8564 NULL, HFILL }}, 8565 { &hf_kerberos_ticket_checksum, 8566 { "ticket-checksum", "kerberos.ticket_checksum_element", 8567 FT_NONE, BASE_NONE, NULL, 0, 8568 "Checksum", HFILL }}, 8569 { &hf_krb_patimestamp, 8570 { "patimestamp", "kerberos.patimestamp", 8571 FT_STRING, BASE_NONE, NULL, 0, "KerberosTime", HFILL }}, 8572 { &hf_krb_pausec, 8573 { "pausec", "kerberos.pausec", 8574 FT_UINT32, BASE_DEC, NULL, 0, "Microseconds", HFILL }}, 8575 #endif /* HAVE_KERBEROS */ 8576 8577 8578 /*--- Included file: packet-kerberos-hfarr.c ---*/ 8579 #line 1 "./asn1/kerberos/packet-kerberos-hfarr.c" 8580 { &hf_kerberos_ticket, 8581 { "ticket", "kerberos.ticket_element", 8582 FT_NONE, BASE_NONE, NULL, 0, 8583 NULL, HFILL }}, 8584 { &hf_kerberos_authenticator, 8585 { "authenticator", "kerberos.authenticator_element", 8586 FT_NONE, BASE_NONE, NULL, 0, 8587 NULL, HFILL }}, 8588 { &hf_kerberos_encTicketPart, 8589 { "encTicketPart", "kerberos.encTicketPart_element", 8590 FT_NONE, BASE_NONE, NULL, 0, 8591 NULL, HFILL }}, 8592 { &hf_kerberos_as_req, 8593 { "as-req", "kerberos.as_req_element", 8594 FT_NONE, BASE_NONE, NULL, 0, 8595 NULL, HFILL }}, 8596 { &hf_kerberos_as_rep, 8597 { "as-rep", "kerberos.as_rep_element", 8598 FT_NONE, BASE_NONE, NULL, 0, 8599 NULL, HFILL }}, 8600 { &hf_kerberos_tgs_req, 8601 { "tgs-req", "kerberos.tgs_req_element", 8602 FT_NONE, BASE_NONE, NULL, 0, 8603 NULL, HFILL }}, 8604 { &hf_kerberos_tgs_rep, 8605 { "tgs-rep", "kerberos.tgs_rep_element", 8606 FT_NONE, BASE_NONE, NULL, 0, 8607 NULL, HFILL }}, 8608 { &hf_kerberos_ap_req, 8609 { "ap-req", "kerberos.ap_req_element", 8610 FT_NONE, BASE_NONE, NULL, 0, 8611 NULL, HFILL }}, 8612 { &hf_kerberos_ap_rep, 8613 { "ap-rep", "kerberos.ap_rep_element", 8614 FT_NONE, BASE_NONE, NULL, 0, 8615 NULL, HFILL }}, 8616 { &hf_kerberos_krb_safe, 8617 { "krb-safe", "kerberos.krb_safe_element", 8618 FT_NONE, BASE_NONE, NULL, 0, 8619 NULL, HFILL }}, 8620 { &hf_kerberos_krb_priv, 8621 { "krb-priv", "kerberos.krb_priv_element", 8622 FT_NONE, BASE_NONE, NULL, 0, 8623 NULL, HFILL }}, 8624 { &hf_kerberos_krb_cred, 8625 { "krb-cred", "kerberos.krb_cred_element", 8626 FT_NONE, BASE_NONE, NULL, 0, 8627 NULL, HFILL }}, 8628 { &hf_kerberos_encASRepPart, 8629 { "encASRepPart", "kerberos.encASRepPart_element", 8630 FT_NONE, BASE_NONE, NULL, 0, 8631 NULL, HFILL }}, 8632 { &hf_kerberos_encTGSRepPart, 8633 { "encTGSRepPart", "kerberos.encTGSRepPart_element", 8634 FT_NONE, BASE_NONE, NULL, 0, 8635 NULL, HFILL }}, 8636 { &hf_kerberos_encAPRepPart, 8637 { "encAPRepPart", "kerberos.encAPRepPart_element", 8638 FT_NONE, BASE_NONE, NULL, 0, 8639 NULL, HFILL }}, 8640 { &hf_kerberos_encKrbPrivPart, 8641 { "encKrbPrivPart", "kerberos.encKrbPrivPart_element", 8642 FT_NONE, BASE_NONE, NULL, 0, 8643 "ENC_KRB_PRIV_PART", HFILL }}, 8644 { &hf_kerberos_encKrbCredPart, 8645 { "encKrbCredPart", "kerberos.encKrbCredPart_element", 8646 FT_NONE, BASE_NONE, NULL, 0, 8647 NULL, HFILL }}, 8648 { &hf_kerberos_krb_error, 8649 { "krb-error", "kerberos.krb_error_element", 8650 FT_NONE, BASE_NONE, NULL, 0, 8651 NULL, HFILL }}, 8652 { &hf_kerberos_name_type, 8653 { "name-type", "kerberos.name_type", 8654 FT_INT32, BASE_DEC, VALS(kerberos_NAME_TYPE_vals), 0, 8655 NULL, HFILL }}, 8656 { &hf_kerberos_name_string, 8657 { "name-string", "kerberos.name_string", 8658 FT_UINT32, BASE_DEC, NULL, 0, 8659 "SEQUENCE_OF_KerberosString", HFILL }}, 8660 { &hf_kerberos_name_string_item, 8661 { "KerberosString", "kerberos.KerberosString", 8662 FT_STRING, BASE_NONE, NULL, 0, 8663 NULL, HFILL }}, 8664 { &hf_kerberos_cname_string, 8665 { "cname-string", "kerberos.cname_string", 8666 FT_UINT32, BASE_DEC, NULL, 0, 8667 "SEQUENCE_OF_CNameString", HFILL }}, 8668 { &hf_kerberos_cname_string_item, 8669 { "CNameString", "kerberos.CNameString", 8670 FT_STRING, BASE_NONE, NULL, 0, 8671 NULL, HFILL }}, 8672 { &hf_kerberos_sname_string, 8673 { "sname-string", "kerberos.sname_string", 8674 FT_UINT32, BASE_DEC, NULL, 0, 8675 "SEQUENCE_OF_SNameString", HFILL }}, 8676 { &hf_kerberos_sname_string_item, 8677 { "SNameString", "kerberos.SNameString", 8678 FT_STRING, BASE_NONE, NULL, 0, 8679 NULL, HFILL }}, 8680 { &hf_kerberos_addr_type, 8681 { "addr-type", "kerberos.addr_type", 8682 FT_INT32, BASE_DEC, VALS(kerberos_ADDR_TYPE_vals), 0, 8683 NULL, HFILL }}, 8684 { &hf_kerberos_address, 8685 { "address", "kerberos.address", 8686 FT_BYTES, BASE_NONE, NULL, 0, 8687 NULL, HFILL }}, 8688 { &hf_kerberos_HostAddresses_item, 8689 { "HostAddress", "kerberos.HostAddress_element", 8690 FT_NONE, BASE_NONE, NULL, 0, 8691 NULL, HFILL }}, 8692 { &hf_kerberos_AuthorizationData_item, 8693 { "AuthorizationData item", "kerberos.AuthorizationData_item_element", 8694 FT_NONE, BASE_NONE, NULL, 0, 8695 NULL, HFILL }}, 8696 { &hf_kerberos_ad_type, 8697 { "ad-type", "kerberos.ad_type", 8698 FT_INT32, BASE_DEC, VALS(kerberos_AUTHDATA_TYPE_vals), 0, 8699 "AUTHDATA_TYPE", HFILL }}, 8700 { &hf_kerberos_ad_data, 8701 { "ad-data", "kerberos.ad_data", 8702 FT_BYTES, BASE_NONE, NULL, 0, 8703 NULL, HFILL }}, 8704 { &hf_kerberos_padata_type, 8705 { "padata-type", "kerberos.padata_type", 8706 FT_INT32, BASE_DEC, VALS(kerberos_PADATA_TYPE_vals), 0, 8707 NULL, HFILL }}, 8708 { &hf_kerberos_padata_value, 8709 { "padata-value", "kerberos.padata_value", 8710 FT_BYTES, BASE_NONE, NULL, 0, 8711 NULL, HFILL }}, 8712 { &hf_kerberos_keytype, 8713 { "keytype", "kerberos.keytype", 8714 FT_INT32, BASE_DEC, NULL, 0, 8715 NULL, HFILL }}, 8716 { &hf_kerberos_keyvalue, 8717 { "keyvalue", "kerberos.keyvalue", 8718 FT_BYTES, BASE_NONE, NULL, 0, 8719 NULL, HFILL }}, 8720 { &hf_kerberos_cksumtype, 8721 { "cksumtype", "kerberos.cksumtype", 8722 FT_INT32, BASE_DEC, VALS(kerberos_CKSUMTYPE_vals), 0, 8723 NULL, HFILL }}, 8724 { &hf_kerberos_checksum, 8725 { "checksum", "kerberos.checksum", 8726 FT_BYTES, BASE_NONE, NULL, 0, 8727 NULL, HFILL }}, 8728 { &hf_kerberos_etype, 8729 { "etype", "kerberos.etype", 8730 FT_INT32, BASE_DEC, VALS(kerberos_ENCTYPE_vals), 0, 8731 "ENCTYPE", HFILL }}, 8732 { &hf_kerberos_kvno, 8733 { "kvno", "kerberos.kvno", 8734 FT_UINT32, BASE_DEC, NULL, 0, 8735 "UInt32", HFILL }}, 8736 { &hf_kerberos_encryptedTicketData_cipher, 8737 { "cipher", "kerberos.cipher", 8738 FT_BYTES, BASE_NONE, NULL, 0, 8739 "T_encryptedTicketData_cipher", HFILL }}, 8740 { &hf_kerberos_encryptedAuthorizationData_cipher, 8741 { "cipher", "kerberos.cipher", 8742 FT_BYTES, BASE_NONE, NULL, 0, 8743 "T_encryptedAuthorizationData_cipher", HFILL }}, 8744 { &hf_kerberos_encryptedAuthenticator_cipher, 8745 { "cipher", "kerberos.cipher", 8746 FT_BYTES, BASE_NONE, NULL, 0, 8747 "T_encryptedAuthenticator_cipher", HFILL }}, 8748 { &hf_kerberos_encryptedKDCREPData_cipher, 8749 { "cipher", "kerberos.cipher", 8750 FT_BYTES, BASE_NONE, NULL, 0, 8751 "T_encryptedKDCREPData_cipher", HFILL }}, 8752 { &hf_kerberos_encryptedAPREPData_cipher, 8753 { "cipher", "kerberos.cipher", 8754 FT_BYTES, BASE_NONE, NULL, 0, 8755 "T_encryptedAPREPData_cipher", HFILL }}, 8756 { &hf_kerberos_encryptedKrbPrivData_cipher, 8757 { "cipher", "kerberos.cipher", 8758 FT_BYTES, BASE_NONE, NULL, 0, 8759 "T_encryptedKrbPrivData_cipher", HFILL }}, 8760 { &hf_kerberos_encryptedKrbCredData_cipher, 8761 { "cipher", "kerberos.cipher", 8762 FT_BYTES, BASE_NONE, NULL, 0, 8763 "T_encryptedKrbCredData_cipher", HFILL }}, 8764 { &hf_kerberos_tkt_vno, 8765 { "tkt-vno", "kerberos.tkt_vno", 8766 FT_UINT32, BASE_DEC, NULL, 0, 8767 "INTEGER_5", HFILL }}, 8768 { &hf_kerberos_realm, 8769 { "realm", "kerberos.realm", 8770 FT_STRING, BASE_NONE, NULL, 0, 8771 NULL, HFILL }}, 8772 { &hf_kerberos_sname, 8773 { "sname", "kerberos.sname_element", 8774 FT_NONE, BASE_NONE, NULL, 0, 8775 NULL, HFILL }}, 8776 { &hf_kerberos_ticket_enc_part, 8777 { "enc-part", "kerberos.enc_part_element", 8778 FT_NONE, BASE_NONE, NULL, 0, 8779 "EncryptedTicketData", HFILL }}, 8780 { &hf_kerberos_flags, 8781 { "flags", "kerberos.flags", 8782 FT_BYTES, BASE_NONE, NULL, 0, 8783 "TicketFlags", HFILL }}, 8784 { &hf_kerberos_encTicketPart_key, 8785 { "key", "kerberos.key_element", 8786 FT_NONE, BASE_NONE, NULL, 0, 8787 "T_encTicketPart_key", HFILL }}, 8788 { &hf_kerberos_crealm, 8789 { "crealm", "kerberos.crealm", 8790 FT_STRING, BASE_NONE, NULL, 0, 8791 "Realm", HFILL }}, 8792 { &hf_kerberos_cname, 8793 { "cname", "kerberos.cname_element", 8794 FT_NONE, BASE_NONE, NULL, 0, 8795 NULL, HFILL }}, 8796 { &hf_kerberos_transited, 8797 { "transited", "kerberos.transited_element", 8798 FT_NONE, BASE_NONE, NULL, 0, 8799 "TransitedEncoding", HFILL }}, 8800 { &hf_kerberos_authtime, 8801 { "authtime", "kerberos.authtime", 8802 FT_STRING, BASE_NONE, NULL, 0, 8803 "KerberosTime", HFILL }}, 8804 { &hf_kerberos_starttime, 8805 { "starttime", "kerberos.starttime", 8806 FT_STRING, BASE_NONE, NULL, 0, 8807 "KerberosTime", HFILL }}, 8808 { &hf_kerberos_endtime, 8809 { "endtime", "kerberos.endtime", 8810 FT_STRING, BASE_NONE, NULL, 0, 8811 "KerberosTime", HFILL }}, 8812 { &hf_kerberos_renew_till, 8813 { "renew-till", "kerberos.renew_till", 8814 FT_STRING, BASE_NONE, NULL, 0, 8815 "KerberosTime", HFILL }}, 8816 { &hf_kerberos_caddr, 8817 { "caddr", "kerberos.caddr", 8818 FT_UINT32, BASE_DEC, NULL, 0, 8819 "HostAddresses", HFILL }}, 8820 { &hf_kerberos_authorization_data, 8821 { "authorization-data", "kerberos.authorization_data", 8822 FT_UINT32, BASE_DEC, NULL, 0, 8823 "AuthorizationData", HFILL }}, 8824 { &hf_kerberos_tr_type, 8825 { "tr-type", "kerberos.tr_type", 8826 FT_INT32, BASE_DEC, NULL, 0, 8827 "Int32", HFILL }}, 8828 { &hf_kerberos_contents, 8829 { "contents", "kerberos.contents", 8830 FT_BYTES, BASE_NONE, NULL, 0, 8831 "OCTET_STRING", HFILL }}, 8832 { &hf_kerberos_pvno, 8833 { "pvno", "kerberos.pvno", 8834 FT_UINT32, BASE_DEC, NULL, 0, 8835 "INTEGER_5", HFILL }}, 8836 { &hf_kerberos_msg_type, 8837 { "msg-type", "kerberos.msg_type", 8838 FT_INT32, BASE_DEC, VALS(kerberos_MESSAGE_TYPE_vals), 0, 8839 "MESSAGE_TYPE", HFILL }}, 8840 { &hf_kerberos_padata, 8841 { "padata", "kerberos.padata", 8842 FT_UINT32, BASE_DEC, NULL, 0, 8843 "SEQUENCE_OF_PA_DATA", HFILL }}, 8844 { &hf_kerberos_padata_item, 8845 { "PA-DATA", "kerberos.PA_DATA_element", 8846 FT_NONE, BASE_NONE, NULL, 0, 8847 NULL, HFILL }}, 8848 { &hf_kerberos_req_body, 8849 { "req-body", "kerberos.req_body_element", 8850 FT_NONE, BASE_NONE, NULL, 0, 8851 "KDC_REQ_BODY", HFILL }}, 8852 { &hf_kerberos_kdc_options, 8853 { "kdc-options", "kerberos.kdc_options", 8854 FT_BYTES, BASE_NONE, NULL, 0, 8855 "KDCOptions", HFILL }}, 8856 { &hf_kerberos_from, 8857 { "from", "kerberos.from", 8858 FT_STRING, BASE_NONE, NULL, 0, 8859 "KerberosTime", HFILL }}, 8860 { &hf_kerberos_till, 8861 { "till", "kerberos.till", 8862 FT_STRING, BASE_NONE, NULL, 0, 8863 "KerberosTime", HFILL }}, 8864 { &hf_kerberos_rtime, 8865 { "rtime", "kerberos.rtime", 8866 FT_STRING, BASE_NONE, NULL, 0, 8867 "KerberosTime", HFILL }}, 8868 { &hf_kerberos_nonce, 8869 { "nonce", "kerberos.nonce", 8870 FT_UINT32, BASE_DEC, NULL, 0, 8871 "UInt32", HFILL }}, 8872 { &hf_kerberos_kDC_REQ_BODY_etype, 8873 { "etype", "kerberos.kdc-req-body.etype", 8874 FT_UINT32, BASE_DEC, NULL, 0, 8875 "SEQUENCE_OF_ENCTYPE", HFILL }}, 8876 { &hf_kerberos_kDC_REQ_BODY_etype_item, 8877 { "ENCTYPE", "kerberos.ENCTYPE", 8878 FT_INT32, BASE_DEC, VALS(kerberos_ENCTYPE_vals), 0, 8879 NULL, HFILL }}, 8880 { &hf_kerberos_addresses, 8881 { "addresses", "kerberos.addresses", 8882 FT_UINT32, BASE_DEC, NULL, 0, 8883 "HostAddresses", HFILL }}, 8884 { &hf_kerberos_enc_authorization_data, 8885 { "enc-authorization-data", "kerberos.enc_authorization_data_element", 8886 FT_NONE, BASE_NONE, NULL, 0, 8887 "EncryptedAuthorizationData", HFILL }}, 8888 { &hf_kerberos_additional_tickets, 8889 { "additional-tickets", "kerberos.additional_tickets", 8890 FT_UINT32, BASE_DEC, NULL, 0, 8891 "SEQUENCE_OF_Ticket", HFILL }}, 8892 { &hf_kerberos_additional_tickets_item, 8893 { "Ticket", "kerberos.Ticket_element", 8894 FT_NONE, BASE_NONE, NULL, 0, 8895 NULL, HFILL }}, 8896 { &hf_kerberos_kDC_REP_enc_part, 8897 { "enc-part", "kerberos.enc_part_element", 8898 FT_NONE, BASE_NONE, NULL, 0, 8899 "EncryptedKDCREPData", HFILL }}, 8900 { &hf_kerberos_encKDCRepPart_key, 8901 { "key", "kerberos.key_element", 8902 FT_NONE, BASE_NONE, NULL, 0, 8903 "T_encKDCRepPart_key", HFILL }}, 8904 { &hf_kerberos_last_req, 8905 { "last-req", "kerberos.last_req", 8906 FT_UINT32, BASE_DEC, NULL, 0, 8907 "LastReq", HFILL }}, 8908 { &hf_kerberos_key_expiration, 8909 { "key-expiration", "kerberos.key_expiration", 8910 FT_STRING, BASE_NONE, NULL, 0, 8911 "KerberosTime", HFILL }}, 8912 { &hf_kerberos_srealm, 8913 { "srealm", "kerberos.srealm", 8914 FT_STRING, BASE_NONE, NULL, 0, 8915 "Realm", HFILL }}, 8916 { &hf_kerberos_encrypted_pa_data, 8917 { "encrypted-pa-data", "kerberos.encrypted_pa_data", 8918 FT_UINT32, BASE_DEC, NULL, 0, 8919 NULL, HFILL }}, 8920 { &hf_kerberos_LastReq_item, 8921 { "LastReq item", "kerberos.LastReq_item_element", 8922 FT_NONE, BASE_NONE, NULL, 0, 8923 NULL, HFILL }}, 8924 { &hf_kerberos_lr_type, 8925 { "lr-type", "kerberos.lr_type", 8926 FT_INT32, BASE_DEC, VALS(kerberos_LR_TYPE_vals), 0, 8927 NULL, HFILL }}, 8928 { &hf_kerberos_lr_value, 8929 { "lr-value", "kerberos.lr_value", 8930 FT_STRING, BASE_NONE, NULL, 0, 8931 "KerberosTime", HFILL }}, 8932 { &hf_kerberos_ap_options, 8933 { "ap-options", "kerberos.ap_options", 8934 FT_BYTES, BASE_NONE, NULL, 0, 8935 "APOptions", HFILL }}, 8936 { &hf_kerberos_authenticator_enc_part, 8937 { "authenticator", "kerberos.authenticator_element", 8938 FT_NONE, BASE_NONE, NULL, 0, 8939 "EncryptedAuthenticator", HFILL }}, 8940 { &hf_kerberos_authenticator_vno, 8941 { "authenticator-vno", "kerberos.authenticator_vno", 8942 FT_UINT32, BASE_DEC, NULL, 0, 8943 "INTEGER_5", HFILL }}, 8944 { &hf_kerberos_cksum, 8945 { "cksum", "kerberos.cksum_element", 8946 FT_NONE, BASE_NONE, NULL, 0, 8947 "Checksum", HFILL }}, 8948 { &hf_kerberos_cusec, 8949 { "cusec", "kerberos.cusec", 8950 FT_UINT32, BASE_DEC, NULL, 0, 8951 "Microseconds", HFILL }}, 8952 { &hf_kerberos_ctime, 8953 { "ctime", "kerberos.ctime", 8954 FT_STRING, BASE_NONE, NULL, 0, 8955 "KerberosTime", HFILL }}, 8956 { &hf_kerberos_authenticator_subkey, 8957 { "subkey", "kerberos.subkey_element", 8958 FT_NONE, BASE_NONE, NULL, 0, 8959 "T_authenticator_subkey", HFILL }}, 8960 { &hf_kerberos_seq_number, 8961 { "seq-number", "kerberos.seq_number", 8962 FT_UINT32, BASE_DEC, NULL, 0, 8963 "UInt32", HFILL }}, 8964 { &hf_kerberos_aP_REP_enc_part, 8965 { "enc-part", "kerberos.enc_part_element", 8966 FT_NONE, BASE_NONE, NULL, 0, 8967 "EncryptedAPREPData", HFILL }}, 8968 { &hf_kerberos_encAPRepPart_subkey, 8969 { "subkey", "kerberos.subkey_element", 8970 FT_NONE, BASE_NONE, NULL, 0, 8971 "T_encAPRepPart_subkey", HFILL }}, 8972 { &hf_kerberos_safe_body, 8973 { "safe-body", "kerberos.safe_body_element", 8974 FT_NONE, BASE_NONE, NULL, 0, 8975 "KRB_SAFE_BODY", HFILL }}, 8976 { &hf_kerberos_kRB_SAFE_BODY_user_data, 8977 { "user-data", "kerberos.user_data", 8978 FT_BYTES, BASE_NONE, NULL, 0, 8979 "T_kRB_SAFE_BODY_user_data", HFILL }}, 8980 { &hf_kerberos_timestamp, 8981 { "timestamp", "kerberos.timestamp", 8982 FT_STRING, BASE_NONE, NULL, 0, 8983 "KerberosTime", HFILL }}, 8984 { &hf_kerberos_usec, 8985 { "usec", "kerberos.usec", 8986 FT_UINT32, BASE_DEC, NULL, 0, 8987 "Microseconds", HFILL }}, 8988 { &hf_kerberos_s_address, 8989 { "s-address", "kerberos.s_address_element", 8990 FT_NONE, BASE_NONE, NULL, 0, 8991 "HostAddress", HFILL }}, 8992 { &hf_kerberos_r_address, 8993 { "r-address", "kerberos.r_address_element", 8994 FT_NONE, BASE_NONE, NULL, 0, 8995 "HostAddress", HFILL }}, 8996 { &hf_kerberos_kRB_PRIV_enc_part, 8997 { "enc-part", "kerberos.enc_part_element", 8998 FT_NONE, BASE_NONE, NULL, 0, 8999 "EncryptedKrbPrivData", HFILL }}, 9000 { &hf_kerberos_encKrbPrivPart_user_data, 9001 { "user-data", "kerberos.user_data", 9002 FT_BYTES, BASE_NONE, NULL, 0, 9003 "T_encKrbPrivPart_user_data", HFILL }}, 9004 { &hf_kerberos_tickets, 9005 { "tickets", "kerberos.tickets", 9006 FT_UINT32, BASE_DEC, NULL, 0, 9007 "SEQUENCE_OF_Ticket", HFILL }}, 9008 { &hf_kerberos_tickets_item, 9009 { "Ticket", "kerberos.Ticket_element", 9010 FT_NONE, BASE_NONE, NULL, 0, 9011 NULL, HFILL }}, 9012 { &hf_kerberos_kRB_CRED_enc_part, 9013 { "enc-part", "kerberos.enc_part_element", 9014 FT_NONE, BASE_NONE, NULL, 0, 9015 "EncryptedKrbCredData", HFILL }}, 9016 { &hf_kerberos_ticket_info, 9017 { "ticket-info", "kerberos.ticket_info", 9018 FT_UINT32, BASE_DEC, NULL, 0, 9019 "SEQUENCE_OF_KrbCredInfo", HFILL }}, 9020 { &hf_kerberos_ticket_info_item, 9021 { "KrbCredInfo", "kerberos.KrbCredInfo_element", 9022 FT_NONE, BASE_NONE, NULL, 0, 9023 NULL, HFILL }}, 9024 { &hf_kerberos_krbCredInfo_key, 9025 { "key", "kerberos.key_element", 9026 FT_NONE, BASE_NONE, NULL, 0, 9027 "T_krbCredInfo_key", HFILL }}, 9028 { &hf_kerberos_prealm, 9029 { "prealm", "kerberos.prealm", 9030 FT_STRING, BASE_NONE, NULL, 0, 9031 "Realm", HFILL }}, 9032 { &hf_kerberos_pname, 9033 { "pname", "kerberos.pname_element", 9034 FT_NONE, BASE_NONE, NULL, 0, 9035 "PrincipalName", HFILL }}, 9036 { &hf_kerberos_stime, 9037 { "stime", "kerberos.stime", 9038 FT_STRING, BASE_NONE, NULL, 0, 9039 "KerberosTime", HFILL }}, 9040 { &hf_kerberos_susec, 9041 { "susec", "kerberos.susec", 9042 FT_UINT32, BASE_DEC, NULL, 0, 9043 "Microseconds", HFILL }}, 9044 { &hf_kerberos_error_code, 9045 { "error-code", "kerberos.error_code", 9046 FT_INT32, BASE_DEC, VALS(kerberos_ERROR_CODE_vals), 0, 9047 NULL, HFILL }}, 9048 { &hf_kerberos_e_text, 9049 { "e-text", "kerberos.e_text", 9050 FT_STRING, BASE_NONE, NULL, 0, 9051 "KerberosString", HFILL }}, 9052 { &hf_kerberos_e_data, 9053 { "e-data", "kerberos.e_data", 9054 FT_BYTES, BASE_NONE, NULL, 0, 9055 NULL, HFILL }}, 9056 { &hf_kerberos_e_checksum, 9057 { "e-checksum", "kerberos.e_checksum_element", 9058 FT_NONE, BASE_NONE, NULL, 0, 9059 "Checksum", HFILL }}, 9060 { &hf_kerberos_METHOD_DATA_item, 9061 { "PA-DATA", "kerberos.PA_DATA_element", 9062 FT_NONE, BASE_NONE, NULL, 0, 9063 NULL, HFILL }}, 9064 { &hf_kerberos_pA_ENC_TIMESTAMP_cipher, 9065 { "cipher", "kerberos.cipher", 9066 FT_BYTES, BASE_NONE, NULL, 0, 9067 "T_pA_ENC_TIMESTAMP_cipher", HFILL }}, 9068 { &hf_kerberos_info_salt, 9069 { "salt", "kerberos.info_salt", 9070 FT_BYTES, BASE_NONE, NULL, 0, 9071 "OCTET_STRING", HFILL }}, 9072 { &hf_kerberos_ETYPE_INFO_item, 9073 { "ETYPE-INFO-ENTRY", "kerberos.ETYPE_INFO_ENTRY_element", 9074 FT_NONE, BASE_NONE, NULL, 0, 9075 NULL, HFILL }}, 9076 { &hf_kerberos_info2_salt, 9077 { "salt", "kerberos.info2_salt", 9078 FT_STRING, BASE_NONE, NULL, 0, 9079 "KerberosString", HFILL }}, 9080 { &hf_kerberos_s2kparams, 9081 { "s2kparams", "kerberos.s2kparams", 9082 FT_BYTES, BASE_NONE, NULL, 0, 9083 "OCTET_STRING", HFILL }}, 9084 { &hf_kerberos_ETYPE_INFO2_item, 9085 { "ETYPE-INFO2-ENTRY", "kerberos.ETYPE_INFO2_ENTRY_element", 9086 FT_NONE, BASE_NONE, NULL, 0, 9087 NULL, HFILL }}, 9088 { &hf_kerberos_server_name, 9089 { "server-name", "kerberos.server_name_element", 9090 FT_NONE, BASE_NONE, NULL, 0, 9091 "PrincipalName", HFILL }}, 9092 { &hf_kerberos_include_pac, 9093 { "include-pac", "kerberos.include_pac", 9094 FT_BOOLEAN, BASE_NONE, NULL, 0, 9095 "BOOLEAN", HFILL }}, 9096 { &hf_kerberos_name, 9097 { "name", "kerberos.name_element", 9098 FT_NONE, BASE_NONE, NULL, 0, 9099 "PrincipalName", HFILL }}, 9100 { &hf_kerberos_auth, 9101 { "auth", "kerberos.auth", 9102 FT_STRING, BASE_NONE, NULL, 0, 9103 "GeneralString", HFILL }}, 9104 { &hf_kerberos_user_id, 9105 { "user-id", "kerberos.user_id_element", 9106 FT_NONE, BASE_NONE, NULL, 0, 9107 "S4UUserID", HFILL }}, 9108 { &hf_kerberos_checksum_01, 9109 { "checksum", "kerberos.checksum_element", 9110 FT_NONE, BASE_NONE, NULL, 0, 9111 NULL, HFILL }}, 9112 { &hf_kerberos_cname_01, 9113 { "cname", "kerberos.cname_element", 9114 FT_NONE, BASE_NONE, NULL, 0, 9115 "PrincipalName", HFILL }}, 9116 { &hf_kerberos_subject_certificate, 9117 { "subject-certificate", "kerberos.subject_certificate", 9118 FT_BYTES, BASE_NONE, NULL, 0, 9119 "T_subject_certificate", HFILL }}, 9120 { &hf_kerberos_options, 9121 { "options", "kerberos.options", 9122 FT_BYTES, BASE_NONE, NULL, 0, 9123 "BIT_STRING", HFILL }}, 9124 { &hf_kerberos_flags_01, 9125 { "flags", "kerberos.flags", 9126 FT_BYTES, BASE_NONE, NULL, 0, 9127 "PAC_OPTIONS_FLAGS", HFILL }}, 9128 { &hf_kerberos_restriction_type, 9129 { "restriction-type", "kerberos.restriction_type", 9130 FT_INT32, BASE_DEC, NULL, 0, 9131 "Int32", HFILL }}, 9132 { &hf_kerberos_restriction, 9133 { "restriction", "kerberos.restriction", 9134 FT_BYTES, BASE_NONE, NULL, 0, 9135 "OCTET_STRING", HFILL }}, 9136 { &hf_kerberos_PA_KERB_KEY_LIST_REQ_item, 9137 { "ENCTYPE", "kerberos.ENCTYPE", 9138 FT_INT32, BASE_DEC, VALS(kerberos_ENCTYPE_vals), 0, 9139 NULL, HFILL }}, 9140 { &hf_kerberos_kerbKeyListRep_key, 9141 { "key", "kerberos.kerbKeyListRep.key_element", 9142 FT_NONE, BASE_NONE, NULL, 0, 9143 "PA_KERB_KEY_LIST_REP_item", HFILL }}, 9144 { &hf_kerberos_newpasswd, 9145 { "newpasswd", "kerberos.newpasswd", 9146 FT_BYTES, BASE_NONE, NULL, 0, 9147 "OCTET_STRING", HFILL }}, 9148 { &hf_kerberos_targname, 9149 { "targname", "kerberos.targname_element", 9150 FT_NONE, BASE_NONE, NULL, 0, 9151 "PrincipalName", HFILL }}, 9152 { &hf_kerberos_targrealm, 9153 { "targrealm", "kerberos.targrealm", 9154 FT_STRING, BASE_NONE, NULL, 0, 9155 "Realm", HFILL }}, 9156 { &hf_kerberos_pa_type, 9157 { "pa-type", "kerberos.pa_type", 9158 FT_INT32, BASE_DEC, VALS(kerberos_PADATA_TYPE_vals), 0, 9159 "PADATA_TYPE", HFILL }}, 9160 { &hf_kerberos_pa_hint, 9161 { "pa-hint", "kerberos.pa_hint", 9162 FT_BYTES, BASE_NONE, NULL, 0, 9163 "OCTET_STRING", HFILL }}, 9164 { &hf_kerberos_pa_value, 9165 { "pa-value", "kerberos.pa_value", 9166 FT_BYTES, BASE_NONE, NULL, 0, 9167 "OCTET_STRING", HFILL }}, 9168 { &hf_kerberos_armor_type, 9169 { "armor-type", "kerberos.armor_type", 9170 FT_INT32, BASE_DEC, VALS(kerberos_KrbFastArmorTypes_vals), 0, 9171 "KrbFastArmorTypes", HFILL }}, 9172 { &hf_kerberos_armor_value, 9173 { "armor-value", "kerberos.armor_value", 9174 FT_BYTES, BASE_NONE, NULL, 0, 9175 NULL, HFILL }}, 9176 { &hf_kerberos_armored_data_request, 9177 { "armored-data", "kerberos.armored_data_element", 9178 FT_NONE, BASE_NONE, NULL, 0, 9179 "KrbFastArmoredReq", HFILL }}, 9180 { &hf_kerberos_encryptedKrbFastReq_cipher, 9181 { "cipher", "kerberos.cipher", 9182 FT_BYTES, BASE_NONE, NULL, 0, 9183 "T_encryptedKrbFastReq_cipher", HFILL }}, 9184 { &hf_kerberos_armor, 9185 { "armor", "kerberos.armor_element", 9186 FT_NONE, BASE_NONE, NULL, 0, 9187 "KrbFastArmor", HFILL }}, 9188 { &hf_kerberos_req_checksum, 9189 { "req-checksum", "kerberos.req_checksum_element", 9190 FT_NONE, BASE_NONE, NULL, 0, 9191 "Checksum", HFILL }}, 9192 { &hf_kerberos_enc_fast_req, 9193 { "enc-fast-req", "kerberos.enc_fast_req_element", 9194 FT_NONE, BASE_NONE, NULL, 0, 9195 "EncryptedKrbFastReq", HFILL }}, 9196 { &hf_kerberos_armored_data_reply, 9197 { "armored-data", "kerberos.armored_data_element", 9198 FT_NONE, BASE_NONE, NULL, 0, 9199 "KrbFastArmoredRep", HFILL }}, 9200 { &hf_kerberos_encryptedKrbFastResponse_cipher, 9201 { "cipher", "kerberos.cipher", 9202 FT_BYTES, BASE_NONE, NULL, 0, 9203 "T_encryptedKrbFastResponse_cipher", HFILL }}, 9204 { &hf_kerberos_enc_fast_rep, 9205 { "enc-fast-rep", "kerberos.enc_fast_rep_element", 9206 FT_NONE, BASE_NONE, NULL, 0, 9207 "EncryptedKrbFastResponse", HFILL }}, 9208 { &hf_kerberos_encryptedChallenge_cipher, 9209 { "cipher", "kerberos.cipher", 9210 FT_BYTES, BASE_NONE, NULL, 0, 9211 "T_encryptedChallenge_cipher", HFILL }}, 9212 { &hf_kerberos_cipher, 9213 { "cipher", "kerberos.cipher", 9214 FT_BYTES, BASE_NONE, NULL, 0, 9215 "OCTET_STRING", HFILL }}, 9216 { &hf_kerberos_groups, 9217 { "groups", "kerberos.groups", 9218 FT_UINT32, BASE_DEC, NULL, 0, 9219 "SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup", HFILL }}, 9220 { &hf_kerberos_groups_item, 9221 { "SPAKEGroup", "kerberos.SPAKEGroup", 9222 FT_INT32, BASE_DEC, VALS(kerberos_SPAKEGroup_vals), 0, 9223 NULL, HFILL }}, 9224 { &hf_kerberos_group, 9225 { "group", "kerberos.group", 9226 FT_INT32, BASE_DEC, VALS(kerberos_SPAKEGroup_vals), 0, 9227 "SPAKEGroup", HFILL }}, 9228 { &hf_kerberos_pubkey, 9229 { "pubkey", "kerberos.pubkey", 9230 FT_BYTES, BASE_NONE, NULL, 0, 9231 "OCTET_STRING", HFILL }}, 9232 { &hf_kerberos_factors, 9233 { "factors", "kerberos.factors", 9234 FT_UINT32, BASE_DEC, NULL, 0, 9235 "SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor", HFILL }}, 9236 { &hf_kerberos_factors_item, 9237 { "SPAKESecondFactor", "kerberos.SPAKESecondFactor_element", 9238 FT_NONE, BASE_NONE, NULL, 0, 9239 NULL, HFILL }}, 9240 { &hf_kerberos_type, 9241 { "type", "kerberos.type", 9242 FT_INT32, BASE_DEC, VALS(kerberos_SPAKESecondFactorType_vals), 0, 9243 "SPAKESecondFactorType", HFILL }}, 9244 { &hf_kerberos_data, 9245 { "data", "kerberos.data", 9246 FT_BYTES, BASE_NONE, NULL, 0, 9247 "OCTET_STRING", HFILL }}, 9248 { &hf_kerberos_factor, 9249 { "factor", "kerberos.factor_element", 9250 FT_NONE, BASE_NONE, NULL, 0, 9251 "EncryptedSpakeResponseData", HFILL }}, 9252 { &hf_kerberos_support, 9253 { "support", "kerberos.support_element", 9254 FT_NONE, BASE_NONE, NULL, 0, 9255 "SPAKESupport", HFILL }}, 9256 { &hf_kerberos_challenge, 9257 { "challenge", "kerberos.challenge_element", 9258 FT_NONE, BASE_NONE, NULL, 0, 9259 "SPAKEChallenge", HFILL }}, 9260 { &hf_kerberos_response, 9261 { "response", "kerberos.response_element", 9262 FT_NONE, BASE_NONE, NULL, 0, 9263 "SPAKEResponse", HFILL }}, 9264 { &hf_kerberos_encdata, 9265 { "encdata", "kerberos.encdata_element", 9266 FT_NONE, BASE_NONE, NULL, 0, 9267 "EncryptedSpakeData", HFILL }}, 9268 { &hf_kerberos_APOptions_reserved, 9269 { "reserved", "kerberos.APOptions.reserved", 9270 FT_BOOLEAN, 8, NULL, 0x80, 9271 NULL, HFILL }}, 9272 { &hf_kerberos_APOptions_use_session_key, 9273 { "use-session-key", "kerberos.APOptions.use.session.key", 9274 FT_BOOLEAN, 8, NULL, 0x40, 9275 NULL, HFILL }}, 9276 { &hf_kerberos_APOptions_mutual_required, 9277 { "mutual-required", "kerberos.APOptions.mutual.required", 9278 FT_BOOLEAN, 8, NULL, 0x20, 9279 NULL, HFILL }}, 9280 { &hf_kerberos_TicketFlags_reserved, 9281 { "reserved", "kerberos.TicketFlags.reserved", 9282 FT_BOOLEAN, 8, NULL, 0x80, 9283 NULL, HFILL }}, 9284 { &hf_kerberos_TicketFlags_forwardable, 9285 { "forwardable", "kerberos.TicketFlags.forwardable", 9286 FT_BOOLEAN, 8, NULL, 0x40, 9287 NULL, HFILL }}, 9288 { &hf_kerberos_TicketFlags_forwarded, 9289 { "forwarded", "kerberos.TicketFlags.forwarded", 9290 FT_BOOLEAN, 8, NULL, 0x20, 9291 NULL, HFILL }}, 9292 { &hf_kerberos_TicketFlags_proxiable, 9293 { "proxiable", "kerberos.TicketFlags.proxiable", 9294 FT_BOOLEAN, 8, NULL, 0x10, 9295 NULL, HFILL }}, 9296 { &hf_kerberos_TicketFlags_proxy, 9297 { "proxy", "kerberos.TicketFlags.proxy", 9298 FT_BOOLEAN, 8, NULL, 0x08, 9299 NULL, HFILL }}, 9300 { &hf_kerberos_TicketFlags_may_postdate, 9301 { "may-postdate", "kerberos.TicketFlags.may.postdate", 9302 FT_BOOLEAN, 8, NULL, 0x04, 9303 NULL, HFILL }}, 9304 { &hf_kerberos_TicketFlags_postdated, 9305 { "postdated", "kerberos.TicketFlags.postdated", 9306 FT_BOOLEAN, 8, NULL, 0x02, 9307 NULL, HFILL }}, 9308 { &hf_kerberos_TicketFlags_invalid, 9309 { "invalid", "kerberos.TicketFlags.invalid", 9310 FT_BOOLEAN, 8, NULL, 0x01, 9311 NULL, HFILL }}, 9312 { &hf_kerberos_TicketFlags_renewable, 9313 { "renewable", "kerberos.TicketFlags.renewable", 9314 FT_BOOLEAN, 8, NULL, 0x80, 9315 NULL, HFILL }}, 9316 { &hf_kerberos_TicketFlags_initial, 9317 { "initial", "kerberos.TicketFlags.initial", 9318 FT_BOOLEAN, 8, NULL, 0x40, 9319 NULL, HFILL }}, 9320 { &hf_kerberos_TicketFlags_pre_authent, 9321 { "pre-authent", "kerberos.TicketFlags.pre.authent", 9322 FT_BOOLEAN, 8, NULL, 0x20, 9323 NULL, HFILL }}, 9324 { &hf_kerberos_TicketFlags_hw_authent, 9325 { "hw-authent", "kerberos.TicketFlags.hw.authent", 9326 FT_BOOLEAN, 8, NULL, 0x10, 9327 NULL, HFILL }}, 9328 { &hf_kerberos_TicketFlags_transited_policy_checked, 9329 { "transited-policy-checked", "kerberos.TicketFlags.transited.policy.checked", 9330 FT_BOOLEAN, 8, NULL, 0x08, 9331 NULL, HFILL }}, 9332 { &hf_kerberos_TicketFlags_ok_as_delegate, 9333 { "ok-as-delegate", "kerberos.TicketFlags.ok.as.delegate", 9334 FT_BOOLEAN, 8, NULL, 0x04, 9335 NULL, HFILL }}, 9336 { &hf_kerberos_TicketFlags_unused, 9337 { "unused", "kerberos.TicketFlags.unused", 9338 FT_BOOLEAN, 8, NULL, 0x02, 9339 NULL, HFILL }}, 9340 { &hf_kerberos_TicketFlags_enc_pa_rep, 9341 { "enc-pa-rep", "kerberos.TicketFlags.enc.pa.rep", 9342 FT_BOOLEAN, 8, NULL, 0x01, 9343 NULL, HFILL }}, 9344 { &hf_kerberos_TicketFlags_anonymous, 9345 { "anonymous", "kerberos.TicketFlags.anonymous", 9346 FT_BOOLEAN, 8, NULL, 0x80, 9347 NULL, HFILL }}, 9348 { &hf_kerberos_KDCOptions_reserved, 9349 { "reserved", "kerberos.KDCOptions.reserved", 9350 FT_BOOLEAN, 8, NULL, 0x80, 9351 NULL, HFILL }}, 9352 { &hf_kerberos_KDCOptions_forwardable, 9353 { "forwardable", "kerberos.KDCOptions.forwardable", 9354 FT_BOOLEAN, 8, NULL, 0x40, 9355 NULL, HFILL }}, 9356 { &hf_kerberos_KDCOptions_forwarded, 9357 { "forwarded", "kerberos.KDCOptions.forwarded", 9358 FT_BOOLEAN, 8, NULL, 0x20, 9359 NULL, HFILL }}, 9360 { &hf_kerberos_KDCOptions_proxiable, 9361 { "proxiable", "kerberos.KDCOptions.proxiable", 9362 FT_BOOLEAN, 8, NULL, 0x10, 9363 NULL, HFILL }}, 9364 { &hf_kerberos_KDCOptions_proxy, 9365 { "proxy", "kerberos.KDCOptions.proxy", 9366 FT_BOOLEAN, 8, NULL, 0x08, 9367 NULL, HFILL }}, 9368 { &hf_kerberos_KDCOptions_allow_postdate, 9369 { "allow-postdate", "kerberos.KDCOptions.allow.postdate", 9370 FT_BOOLEAN, 8, NULL, 0x04, 9371 NULL, HFILL }}, 9372 { &hf_kerberos_KDCOptions_postdated, 9373 { "postdated", "kerberos.KDCOptions.postdated", 9374 FT_BOOLEAN, 8, NULL, 0x02, 9375 NULL, HFILL }}, 9376 { &hf_kerberos_KDCOptions_unused7, 9377 { "unused7", "kerberos.KDCOptions.unused7", 9378 FT_BOOLEAN, 8, NULL, 0x01, 9379 NULL, HFILL }}, 9380 { &hf_kerberos_KDCOptions_renewable, 9381 { "renewable", "kerberos.KDCOptions.renewable", 9382 FT_BOOLEAN, 8, NULL, 0x80, 9383 NULL, HFILL }}, 9384 { &hf_kerberos_KDCOptions_unused9, 9385 { "unused9", "kerberos.KDCOptions.unused9", 9386 FT_BOOLEAN, 8, NULL, 0x40, 9387 NULL, HFILL }}, 9388 { &hf_kerberos_KDCOptions_unused10, 9389 { "unused10", "kerberos.KDCOptions.unused10", 9390 FT_BOOLEAN, 8, NULL, 0x20, 9391 NULL, HFILL }}, 9392 { &hf_kerberos_KDCOptions_opt_hardware_auth, 9393 { "opt-hardware-auth", "kerberos.KDCOptions.opt.hardware.auth", 9394 FT_BOOLEAN, 8, NULL, 0x10, 9395 NULL, HFILL }}, 9396 { &hf_kerberos_KDCOptions_unused12, 9397 { "unused12", "kerberos.KDCOptions.unused12", 9398 FT_BOOLEAN, 8, NULL, 0x08, 9399 NULL, HFILL }}, 9400 { &hf_kerberos_KDCOptions_unused13, 9401 { "unused13", "kerberos.KDCOptions.unused13", 9402 FT_BOOLEAN, 8, NULL, 0x04, 9403 NULL, HFILL }}, 9404 { &hf_kerberos_KDCOptions_constrained_delegation, 9405 { "constrained-delegation", "kerberos.KDCOptions.constrained.delegation", 9406 FT_BOOLEAN, 8, NULL, 0x02, 9407 NULL, HFILL }}, 9408 { &hf_kerberos_KDCOptions_canonicalize, 9409 { "canonicalize", "kerberos.KDCOptions.canonicalize", 9410 FT_BOOLEAN, 8, NULL, 0x01, 9411 NULL, HFILL }}, 9412 { &hf_kerberos_KDCOptions_request_anonymous, 9413 { "request-anonymous", "kerberos.KDCOptions.request.anonymous", 9414 FT_BOOLEAN, 8, NULL, 0x80, 9415 NULL, HFILL }}, 9416 { &hf_kerberos_KDCOptions_unused17, 9417 { "unused17", "kerberos.KDCOptions.unused17", 9418 FT_BOOLEAN, 8, NULL, 0x40, 9419 NULL, HFILL }}, 9420 { &hf_kerberos_KDCOptions_unused18, 9421 { "unused18", "kerberos.KDCOptions.unused18", 9422 FT_BOOLEAN, 8, NULL, 0x20, 9423 NULL, HFILL }}, 9424 { &hf_kerberos_KDCOptions_unused19, 9425 { "unused19", "kerberos.KDCOptions.unused19", 9426 FT_BOOLEAN, 8, NULL, 0x10, 9427 NULL, HFILL }}, 9428 { &hf_kerberos_KDCOptions_unused20, 9429 { "unused20", "kerberos.KDCOptions.unused20", 9430 FT_BOOLEAN, 8, NULL, 0x08, 9431 NULL, HFILL }}, 9432 { &hf_kerberos_KDCOptions_unused21, 9433 { "unused21", "kerberos.KDCOptions.unused21", 9434 FT_BOOLEAN, 8, NULL, 0x04, 9435 NULL, HFILL }}, 9436 { &hf_kerberos_KDCOptions_unused22, 9437 { "unused22", "kerberos.KDCOptions.unused22", 9438 FT_BOOLEAN, 8, NULL, 0x02, 9439 NULL, HFILL }}, 9440 { &hf_kerberos_KDCOptions_unused23, 9441 { "unused23", "kerberos.KDCOptions.unused23", 9442 FT_BOOLEAN, 8, NULL, 0x01, 9443 NULL, HFILL }}, 9444 { &hf_kerberos_KDCOptions_unused24, 9445 { "unused24", "kerberos.KDCOptions.unused24", 9446 FT_BOOLEAN, 8, NULL, 0x80, 9447 NULL, HFILL }}, 9448 { &hf_kerberos_KDCOptions_unused25, 9449 { "unused25", "kerberos.KDCOptions.unused25", 9450 FT_BOOLEAN, 8, NULL, 0x40, 9451 NULL, HFILL }}, 9452 { &hf_kerberos_KDCOptions_disable_transited_check, 9453 { "disable-transited-check", "kerberos.KDCOptions.disable.transited.check", 9454 FT_BOOLEAN, 8, NULL, 0x20, 9455 NULL, HFILL }}, 9456 { &hf_kerberos_KDCOptions_renewable_ok, 9457 { "renewable-ok", "kerberos.KDCOptions.renewable.ok", 9458 FT_BOOLEAN, 8, NULL, 0x10, 9459 NULL, HFILL }}, 9460 { &hf_kerberos_KDCOptions_enc_tkt_in_skey, 9461 { "enc-tkt-in-skey", "kerberos.KDCOptions.enc.tkt.in.skey", 9462 FT_BOOLEAN, 8, NULL, 0x08, 9463 NULL, HFILL }}, 9464 { &hf_kerberos_KDCOptions_unused29, 9465 { "unused29", "kerberos.KDCOptions.unused29", 9466 FT_BOOLEAN, 8, NULL, 0x04, 9467 NULL, HFILL }}, 9468 { &hf_kerberos_KDCOptions_renew, 9469 { "renew", "kerberos.KDCOptions.renew", 9470 FT_BOOLEAN, 8, NULL, 0x02, 9471 NULL, HFILL }}, 9472 { &hf_kerberos_KDCOptions_validate, 9473 { "validate", "kerberos.KDCOptions.validate", 9474 FT_BOOLEAN, 8, NULL, 0x01, 9475 NULL, HFILL }}, 9476 { &hf_kerberos_PAC_OPTIONS_FLAGS_claims, 9477 { "claims", "kerberos.PAC.OPTIONS.FLAGS.claims", 9478 FT_BOOLEAN, 8, NULL, 0x80, 9479 NULL, HFILL }}, 9480 { &hf_kerberos_PAC_OPTIONS_FLAGS_branch_aware, 9481 { "branch-aware", "kerberos.PAC.OPTIONS.FLAGS.branch.aware", 9482 FT_BOOLEAN, 8, NULL, 0x40, 9483 NULL, HFILL }}, 9484 { &hf_kerberos_PAC_OPTIONS_FLAGS_forward_to_full_dc, 9485 { "forward-to-full-dc", "kerberos.PAC.OPTIONS.FLAGS.forward.to.full.dc", 9486 FT_BOOLEAN, 8, NULL, 0x20, 9487 NULL, HFILL }}, 9488 { &hf_kerberos_PAC_OPTIONS_FLAGS_resource_based_constrained_delegation, 9489 { "resource-based-constrained-delegation", "kerberos.PAC.OPTIONS.FLAGS.resource.based.constrained.delegation", 9490 FT_BOOLEAN, 8, NULL, 0x10, 9491 NULL, HFILL }}, 9492 9493 /*--- End of included file: packet-kerberos-hfarr.c ---*/ 9494 #line 5047 "./asn1/kerberos/packet-kerberos-template.c" 9495 }; 9496 9497 /* List of subtrees */ 9498 static gint *ett[] = { 9499 &ett_kerberos, 9500 &ett_krb_recordmark, 9501 &ett_krb_pac, 9502 &ett_krb_pac_drep, 9503 &ett_krb_pac_midl_blob, 9504 &ett_krb_pac_logon_info, 9505 &ett_krb_pac_credential_info, 9506 &ett_krb_pac_s4u_delegation_info, 9507 &ett_krb_pac_upn_dns_info, 9508 &ett_krb_pac_device_info, 9509 &ett_krb_pac_server_checksum, 9510 &ett_krb_pac_privsvr_checksum, 9511 &ett_krb_pac_client_info_type, 9512 &ett_krb_pac_ticket_checksum, 9513 &ett_krb_pa_supported_enctypes, 9514 &ett_krb_ad_ap_options, 9515 &ett_kerberos_KERB_TICKET_LOGON, 9516 #ifdef HAVE_KERBEROS 9517 &ett_krb_pa_enc_ts_enc, 9518 &ett_kerberos_KrbFastFinished, 9519 &ett_kerberos_KrbFastResponse, 9520 &ett_kerberos_KrbFastReq, 9521 &ett_kerberos_FastOptions, 9522 #endif 9523 9524 /*--- Included file: packet-kerberos-ettarr.c ---*/ 9525 #line 1 "./asn1/kerberos/packet-kerberos-ettarr.c" 9526 &ett_kerberos_Applications, 9527 &ett_kerberos_PrincipalName, 9528 &ett_kerberos_SEQUENCE_OF_KerberosString, 9529 &ett_kerberos_CName, 9530 &ett_kerberos_SEQUENCE_OF_CNameString, 9531 &ett_kerberos_SName, 9532 &ett_kerberos_SEQUENCE_OF_SNameString, 9533 &ett_kerberos_HostAddress, 9534 &ett_kerberos_HostAddresses, 9535 &ett_kerberos_AuthorizationData, 9536 &ett_kerberos_AuthorizationData_item, 9537 &ett_kerberos_PA_DATA, 9538 &ett_kerberos_EncryptionKey, 9539 &ett_kerberos_Checksum, 9540 &ett_kerberos_EncryptedTicketData, 9541 &ett_kerberos_EncryptedAuthorizationData, 9542 &ett_kerberos_EncryptedAuthenticator, 9543 &ett_kerberos_EncryptedKDCREPData, 9544 &ett_kerberos_EncryptedAPREPData, 9545 &ett_kerberos_EncryptedKrbPrivData, 9546 &ett_kerberos_EncryptedKrbCredData, 9547 &ett_kerberos_Ticket_U, 9548 &ett_kerberos_EncTicketPart_U, 9549 &ett_kerberos_TransitedEncoding, 9550 &ett_kerberos_KDC_REQ, 9551 &ett_kerberos_SEQUENCE_OF_PA_DATA, 9552 &ett_kerberos_KDC_REQ_BODY, 9553 &ett_kerberos_SEQUENCE_OF_ENCTYPE, 9554 &ett_kerberos_SEQUENCE_OF_Ticket, 9555 &ett_kerberos_KDC_REP, 9556 &ett_kerberos_EncKDCRepPart, 9557 &ett_kerberos_LastReq, 9558 &ett_kerberos_LastReq_item, 9559 &ett_kerberos_AP_REQ_U, 9560 &ett_kerberos_Authenticator_U, 9561 &ett_kerberos_AP_REP_U, 9562 &ett_kerberos_EncAPRepPart_U, 9563 &ett_kerberos_KRB_SAFE_U, 9564 &ett_kerberos_KRB_SAFE_BODY, 9565 &ett_kerberos_KRB_PRIV_U, 9566 &ett_kerberos_EncKrbPrivPart, 9567 &ett_kerberos_KRB_CRED_U, 9568 &ett_kerberos_EncKrbCredPart_U, 9569 &ett_kerberos_SEQUENCE_OF_KrbCredInfo, 9570 &ett_kerberos_KrbCredInfo, 9571 &ett_kerberos_KRB_ERROR_U, 9572 &ett_kerberos_METHOD_DATA, 9573 &ett_kerberos_PA_ENC_TIMESTAMP, 9574 &ett_kerberos_ETYPE_INFO_ENTRY, 9575 &ett_kerberos_ETYPE_INFO, 9576 &ett_kerberos_ETYPE_INFO2_ENTRY, 9577 &ett_kerberos_ETYPE_INFO2, 9578 &ett_kerberos_TGT_REQ, 9579 &ett_kerberos_TGT_REP, 9580 &ett_kerberos_APOptions, 9581 &ett_kerberos_TicketFlags, 9582 &ett_kerberos_KDCOptions, 9583 &ett_kerberos_PA_PAC_REQUEST, 9584 &ett_kerberos_PA_S4U2Self, 9585 &ett_kerberos_PA_S4U_X509_USER, 9586 &ett_kerberos_S4UUserID, 9587 &ett_kerberos_PAC_OPTIONS_FLAGS, 9588 &ett_kerberos_PA_PAC_OPTIONS, 9589 &ett_kerberos_KERB_AD_RESTRICTION_ENTRY_U, 9590 &ett_kerberos_PA_KERB_KEY_LIST_REQ, 9591 &ett_kerberos_PA_KERB_KEY_LIST_REP, 9592 &ett_kerberos_ChangePasswdData, 9593 &ett_kerberos_PA_AUTHENTICATION_SET_ELEM, 9594 &ett_kerberos_KrbFastArmor, 9595 &ett_kerberos_PA_FX_FAST_REQUEST, 9596 &ett_kerberos_EncryptedKrbFastReq, 9597 &ett_kerberos_KrbFastArmoredReq, 9598 &ett_kerberos_PA_FX_FAST_REPLY, 9599 &ett_kerberos_EncryptedKrbFastResponse, 9600 &ett_kerberos_KrbFastArmoredRep, 9601 &ett_kerberos_EncryptedChallenge, 9602 &ett_kerberos_EncryptedSpakeData, 9603 &ett_kerberos_EncryptedSpakeResponseData, 9604 &ett_kerberos_SPAKESupport, 9605 &ett_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup, 9606 &ett_kerberos_SPAKEChallenge, 9607 &ett_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor, 9608 &ett_kerberos_SPAKESecondFactor, 9609 &ett_kerberos_SPAKEResponse, 9610 &ett_kerberos_PA_SPAKE, 9611 9612 /*--- End of included file: packet-kerberos-ettarr.c ---*/ 9613 #line 5076 "./asn1/kerberos/packet-kerberos-template.c" 9614 }; 9615 9616 static ei_register_info ei[] = { 9617 { &ei_kerberos_missing_keytype, { "kerberos.missing_keytype", PI_DECRYPTION, PI_WARN, "Missing keytype", EXPFILL }}, 9618 { &ei_kerberos_decrypted_keytype, { "kerberos.decrypted_keytype", PI_SECURITY, PI_CHAT, "Decrypted keytype", EXPFILL }}, 9619 { &ei_kerberos_learnt_keytype, { "kerberos.learnt_keytype", PI_SECURITY, PI_CHAT, "Learnt keytype", EXPFILL }}, 9620 { &ei_kerberos_address, { "kerberos.address.unknown", PI_UNDECODED, PI_WARN, "KRB Address: I don't know how to parse this type of address yet", EXPFILL }}, 9621 { &ei_krb_gssapi_dlglen, { "kerberos.gssapi.dlglen.error", PI_MALFORMED, PI_ERROR, "DlgLen is not the same as number of bytes remaining", EXPFILL }}, 9622 }; 9623 9624 expert_module_t* expert_krb; 9625 module_t *krb_module; 9626 9627 proto_kerberos = proto_register_protocol("Kerberos", "KRB5", "kerberos"); 9628 proto_register_field_array(proto_kerberos, hf, array_length(hf)); 9629 proto_register_subtree_array(ett, array_length(ett)); 9630 expert_krb = expert_register_protocol(proto_kerberos); 9631 expert_register_field_array(expert_krb, ei, array_length(ei)); 9632 9633 /* Register preferences */ 9634 krb_module = prefs_register_protocol(proto_kerberos, kerberos_prefs_apply_cb); 9635 prefs_register_bool_preference(krb_module, "desegment", 9636 "Reassemble Kerberos over TCP messages spanning multiple TCP segments", 9637 "Whether the Kerberos dissector should reassemble messages spanning multiple TCP segments." 9638 " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.", 9639 &krb_desegment); 9640 #ifdef HAVE_KERBEROS 9641 prefs_register_bool_preference(krb_module, "decrypt", 9642 "Try to decrypt Kerberos blobs", 9643 "Whether the dissector should try to decrypt " 9644 "encrypted Kerberos blobs. This requires that the proper " 9645 "keytab file is installed as well.", &krb_decrypt); 9646 9647 prefs_register_filename_preference(krb_module, "file", 9648 "Kerberos keytab file", 9649 "The keytab file containing all the secrets", 9650 &keytab_filename, FALSE); 9651 9652 #if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS) 9653 wmem_register_callback(wmem_epan_scope(), enc_key_list_cb, NULL); 9654 kerberos_longterm_keys = wmem_map_new(wmem_epan_scope(), 9655 enc_key_content_hash, 9656 enc_key_content_equal); 9657 kerberos_all_keys = wmem_map_new_autoreset(wmem_epan_scope(), 9658 wmem_file_scope(), 9659 enc_key_content_hash, 9660 enc_key_content_equal); 9661 kerberos_app_session_keys = wmem_map_new_autoreset(wmem_epan_scope(), 9662 wmem_file_scope(), 9663 enc_key_content_hash, 9664 enc_key_content_equal); 9665 #endif /* defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS) */ 9666 #endif /* HAVE_KERBEROS */ 9667 9668 } 9669 static int wrap_dissect_gss_kerb(tvbuff_t *tvb, int offset, packet_info *pinfo, 9670 proto_tree *tree, dcerpc_info *di _U_,guint8 *drep _U_) 9671 { 9672 tvbuff_t *auth_tvb; 9673 9674 auth_tvb = tvb_new_subset_remaining(tvb, offset); 9675 9676 dissect_kerberos_main(auth_tvb, pinfo, tree, FALSE, NULL); 9677 9678 return tvb_captured_length_remaining(tvb, offset); 9679 } 9680 9681 9682 static dcerpc_auth_subdissector_fns gss_kerb_auth_connect_fns = { 9683 wrap_dissect_gss_kerb, /* Bind */ 9684 wrap_dissect_gss_kerb, /* Bind ACK */ 9685 wrap_dissect_gss_kerb, /* AUTH3 */ 9686 NULL, /* Request verifier */ 9687 NULL, /* Response verifier */ 9688 NULL, /* Request data */ 9689 NULL /* Response data */ 9690 }; 9691 9692 static dcerpc_auth_subdissector_fns gss_kerb_auth_sign_fns = { 9693 wrap_dissect_gss_kerb, /* Bind */ 9694 wrap_dissect_gss_kerb, /* Bind ACK */ 9695 wrap_dissect_gss_kerb, /* AUTH3 */ 9696 wrap_dissect_gssapi_verf, /* Request verifier */ 9697 wrap_dissect_gssapi_verf, /* Response verifier */ 9698 NULL, /* Request data */ 9699 NULL /* Response data */ 9700 }; 9701 9702 static dcerpc_auth_subdissector_fns gss_kerb_auth_seal_fns = { 9703 wrap_dissect_gss_kerb, /* Bind */ 9704 wrap_dissect_gss_kerb, /* Bind ACK */ 9705 wrap_dissect_gss_kerb, /* AUTH3 */ 9706 wrap_dissect_gssapi_verf, /* Request verifier */ 9707 wrap_dissect_gssapi_verf, /* Response verifier */ 9708 wrap_dissect_gssapi_payload, /* Request data */ 9709 wrap_dissect_gssapi_payload /* Response data */ 9710 }; 9711 9712 9713 9714 void 9715 proto_reg_handoff_kerberos(void) 9716 { 9717 dissector_handle_t kerberos_handle_tcp; 9718 9719 krb4_handle = find_dissector_add_dependency("krb4", proto_kerberos); 9720 9721 kerberos_handle_udp = create_dissector_handle(dissect_kerberos_udp, 9722 proto_kerberos); 9723 9724 kerberos_handle_tcp = create_dissector_handle(dissect_kerberos_tcp, 9725 proto_kerberos); 9726 9727 dissector_add_uint_with_preference("udp.port", UDP_PORT_KERBEROS, kerberos_handle_udp); 9728 dissector_add_uint_with_preference("tcp.port", TCP_PORT_KERBEROS, kerberos_handle_tcp); 9729 9730 register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_CONNECT, 9731 DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS, 9732 &gss_kerb_auth_connect_fns); 9733 9734 register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_PKT_INTEGRITY, 9735 DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS, 9736 &gss_kerb_auth_sign_fns); 9737 9738 register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_PKT_PRIVACY, 9739 DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS, 9740 &gss_kerb_auth_seal_fns); 9741 } 9742 9743 /* 9744 * Editor modelines - https://www.wireshark.org/tools/modelines.html 9745 * 9746 * Local variables: 9747 * c-basic-offset: 8 9748 * tab-width: 8 9749 * indent-tabs-mode: t 9750 * End: 9751 * 9752 * vi: set shiftwidth=8 tabstop=8 noexpandtab: 9753 * :indentSize=8:tabSize=8:noTabs=false: 9754 */ 9755