1 /* Do not modify this file. Changes will be overwritten. */
2 /* Generated automatically by the ASN.1 to Wireshark dissector compiler */
3 /* packet-kerberos.c */
4 /* asn2wrs.py -b -p kerberos -c ./kerberos.cnf -s ./packet-kerberos-template -D . -O ../.. KerberosV5Spec2.asn k5.asn RFC3244.asn RFC6113.asn SPAKE.asn */
5
6 /* Input file: packet-kerberos-template.c */
7
8 #line 1 "./asn1/kerberos/packet-kerberos-template.c"
9 /* packet-kerberos.c
10 * Routines for Kerberos
11 * Wes Hardaker (c) 2000
12 * wjhardaker@ucdavis.edu
13 * Richard Sharpe (C) 2002, rsharpe@samba.org, modularized a bit more and
14 * added AP-REQ and AP-REP dissection
15 *
16 * Ronnie Sahlberg (C) 2004, major rewrite for new ASN.1/BER API.
17 * decryption of kerberos blobs if keytab is provided
18 *
19 * See RFC 1510, and various I-Ds and other documents showing additions,
20 * e.g. ones listed under
21 *
22 * http://clifford.neuman.name/krb-revisions/
23 *
24 * and
25 *
26 * https://tools.ietf.org/html/draft-ietf-krb-wg-kerberos-clarifications-07
27 *
_expand_table(table)28 * and
29 *
30 * https://tools.ietf.org/html/draft-ietf-krb-wg-kerberos-referrals-05
31 *
32 * Some structures from RFC2630
33 *
34 * Wireshark - Network traffic analyzer
35 * By Gerald Combs <gerald@wireshark.org>
36 * Copyright 1998 Gerald Combs
37 *
38 * SPDX-License-Identifier: GPL-2.0-or-later
39 */
40
41 /*
42 * Some of the development of the Kerberos protocol decoder was sponsored by
43 * Cable Television Laboratories, Inc. ("CableLabs") based upon proprietary
44 * CableLabs' specifications. Your license and use of this protocol decoder
45 * does not mean that you are licensed to use the CableLabs'
46 * specifications. If you have questions about this protocol, contact
47 * jf.mule [AT] cablelabs.com or c.stuart [AT] cablelabs.com for additional
48 * information.
49 */
50
51 #include <config.h>
52
53 #include <stdio.h>
54
55 // krb5.h needs to be included before the defines in packet-kerberos.h
56 #if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
57 #ifdef _WIN32
58 /* prevent redefinition warnings in krb5's win-mac.h */
59 #define SSIZE_T_DEFINED
60 #endif /* _WIN32 */
61 #include <krb5.h>
62 #endif
63
64 #include <epan/packet.h>
65 #include <epan/exceptions.h>
66 #include <epan/strutil.h>
67 #include <epan/conversation.h>
68 #include <epan/asn1.h>
69 #include <epan/expert.h>
70 #include <epan/prefs.h>
71 #include <wsutil/wsgcrypt.h>
72 #include <wsutil/file_util.h>
73 #include <wsutil/str_util.h>
74 #include <wsutil/pint.h>
75 #include "packet-kerberos.h"
76 #include "packet-netbios.h"
77 #include "packet-tcp.h"
78 #include "packet-ber.h"
79 #include "packet-pkinit.h"
80 #include "packet-cms.h"
81 #include "packet-windows-common.h"
82
83 #include "read_keytab_file.h"
84
85 #include "packet-dcerpc-netlogon.h"
86 #include "packet-dcerpc.h"
87
88 #include "packet-gssapi.h"
89 #include "packet-x509af.h"
90
91 #define KEY_USAGE_FAST_REQ_CHKSUM 50
92 #define KEY_USAGE_FAST_ENC 51
93 #define KEY_USAGE_FAST_REP 52
94 #define KEY_USAGE_FAST_FINISHED 53
95 #define KEY_USAGE_ENC_CHALLENGE_CLIENT 54
96 #define KEY_USAGE_ENC_CHALLENGE_KDC 55
97
98 void proto_register_kerberos(void);
99 void proto_reg_handoff_kerberos(void);
100
101 #define UDP_PORT_KERBEROS 88
102 #define TCP_PORT_KERBEROS 88
103
104 #define ADDRESS_STR_BUFSIZ 256
105
106 typedef struct kerberos_key {
107 guint32 keytype;
108 int keylength;
109 const guint8 *keyvalue;
110 } kerberos_key_t;
111
112 typedef void (*kerberos_key_save_fn)(tvbuff_t *tvb _U_, int offset _U_, int length _U_,
113 asn1_ctx_t *actx _U_, proto_tree *tree _U_,
114 int parent_hf_index _U_,
test_symmetry_bowker()115 int hf_index _U_);
116
117 typedef struct {
118 guint32 msg_type;
119 gboolean is_win2k_pkinit;
120 guint32 errorcode;
121 gboolean try_nt_status;
122 guint32 etype;
123 guint32 padata_type;
124 guint32 is_enc_padata;
125 guint32 enctype;
126 kerberos_key_t key;
127 proto_tree *key_tree;
128 proto_item *key_hidden_item;
129 tvbuff_t *key_tvb;
130 kerberos_callbacks *callbacks;
131 guint32 ad_type;
132 guint32 addr_type;
133 guint32 checksum_type;
134 #ifdef HAVE_KERBEROS
135 enc_key_t *last_decryption_key;
136 enc_key_t *last_added_key;
137 tvbuff_t *last_ticket_enc_part_tvb;
138 #endif
139 gint save_encryption_key_parent_hf_index;
140 kerberos_key_save_fn save_encryption_key_fn;
141 guint learnt_key_ids;
142 guint missing_key_ids;
143 wmem_list_t *decryption_keys;
144 wmem_list_t *learnt_keys;
145 wmem_list_t *missing_keys;
146 guint32 within_PA_TGS_REQ;
147 #ifdef HAVE_KERBEROS
148 enc_key_t *PA_TGS_REQ_key;
149 enc_key_t *PA_TGS_REQ_subkey;
150 #endif
test_cochransq()151 guint32 fast_type;
152 guint32 fast_armor_within_armor_value;
153 #ifdef HAVE_KERBEROS
154 enc_key_t *PA_FAST_ARMOR_AP_key;
155 enc_key_t *PA_FAST_ARMOR_AP_subkey;
156 enc_key_t *fast_armor_key;
157 enc_key_t *fast_strengthen_key;
158 #endif
159 } kerberos_private_data_t;
160
161 static dissector_handle_t kerberos_handle_udp;
162
163 /* Forward declarations */
164 static int dissect_kerberos_Applications(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
165 static int dissect_kerberos_AuthorizationData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
166 static int dissect_kerberos_PA_ENC_TIMESTAMP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
167 #ifdef HAVE_KERBEROS
168 static int dissect_kerberos_PA_ENC_TS_ENC(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
169 #endif
170 static int dissect_kerberos_PA_PAC_REQUEST(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
171 static int dissect_kerberos_PA_S4U2Self(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
172 static int dissect_kerberos_PA_S4U_X509_USER(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
173 static int dissect_kerberos_ETYPE_INFO(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
174 static int dissect_kerberos_ETYPE_INFO2(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
175 static int dissect_kerberos_AD_IF_RELEVANT(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
176 static int dissect_kerberos_PA_AUTHENTICATION_SET_ELEM(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
177 static int dissect_kerberos_PA_FX_FAST_REQUEST(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
178 static int dissect_kerberos_EncryptedChallenge(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
test_cochransq2()179 static int dissect_kerberos_PA_KERB_KEY_LIST_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
180 static int dissect_kerberos_PA_KERB_KEY_LIST_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
181 static int dissect_kerberos_PA_FX_FAST_REPLY(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
182 static int dissect_kerberos_PA_PAC_OPTIONS(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
183 static int dissect_kerberos_KERB_AD_RESTRICTION_ENTRY(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
184 static int dissect_kerberos_SEQUENCE_OF_ENCTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
185 static int dissect_kerberos_PA_SPAKE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
186 #ifdef HAVE_KERBEROS
187 static int dissect_kerberos_KrbFastReq(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
188 static int dissect_kerberos_KrbFastResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
189 static int dissect_kerberos_FastOptions(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
190 #endif
191
192 /* Desegment Kerberos over TCP messages */
193 static gboolean krb_desegment = TRUE;
194
195 static gint proto_kerberos = -1;
196
197 static gint hf_krb_rm_reserved = -1;
198 static gint hf_krb_rm_reclen = -1;
test_cochransq3()199 static gint hf_krb_provsrv_location = -1;
200 static gint hf_krb_pw_salt = -1;
201 static gint hf_krb_ext_error_nt_status = -1;
202 static gint hf_krb_ext_error_reserved = -1;
203 static gint hf_krb_ext_error_flags = -1;
204 static gint hf_krb_address_ip = -1;
205 static gint hf_krb_address_netbios = -1;
206 static gint hf_krb_address_ipv6 = -1;
207 static gint hf_krb_gssapi_len = -1;
208 static gint hf_krb_gssapi_bnd = -1;
209 static gint hf_krb_gssapi_dlgopt = -1;
210 static gint hf_krb_gssapi_dlglen = -1;
211 static gint hf_krb_gssapi_c_flag_deleg = -1;
212 static gint hf_krb_gssapi_c_flag_mutual = -1;
213 static gint hf_krb_gssapi_c_flag_replay = -1;
214 static gint hf_krb_gssapi_c_flag_sequence = -1;
215 static gint hf_krb_gssapi_c_flag_conf = -1;
216 static gint hf_krb_gssapi_c_flag_integ = -1;
217 static gint hf_krb_gssapi_c_flag_dce_style = -1;
218 static gint hf_krb_midl_version = -1;
219 static gint hf_krb_midl_hdr_len = -1;
220 static gint hf_krb_midl_fill_bytes = -1;
221 static gint hf_krb_midl_blob_len = -1;
222 static gint hf_krb_pac_signature_type = -1;
223 static gint hf_krb_pac_signature_signature = -1;
224 static gint hf_krb_w2k_pac_entries = -1;
225 static gint hf_krb_w2k_pac_version = -1;
test_runstest(reset_randomstate)226 static gint hf_krb_w2k_pac_type = -1;
227 static gint hf_krb_w2k_pac_size = -1;
228 static gint hf_krb_w2k_pac_offset = -1;
229 static gint hf_krb_pac_clientid = -1;
230 static gint hf_krb_pac_namelen = -1;
231 static gint hf_krb_pac_clientname = -1;
232 static gint hf_krb_pac_logon_info = -1;
233 static gint hf_krb_pac_credential_data = -1;
234 static gint hf_krb_pac_credential_info = -1;
235 static gint hf_krb_pac_credential_info_version = -1;
236 static gint hf_krb_pac_credential_info_etype = -1;
237 static gint hf_krb_pac_s4u_delegation_info = -1;
238 static gint hf_krb_pac_upn_dns_info = -1;
239 static gint hf_krb_pac_upn_flags = -1;
240 static gint hf_krb_pac_upn_dns_offset = -1;
241 static gint hf_krb_pac_upn_dns_len = -1;
242 static gint hf_krb_pac_upn_upn_offset = -1;
243 static gint hf_krb_pac_upn_upn_len = -1;
244 static gint hf_krb_pac_upn_upn_name = -1;
245 static gint hf_krb_pac_upn_dns_name = -1;
246 static gint hf_krb_pac_server_checksum = -1;
247 static gint hf_krb_pac_privsvr_checksum = -1;
248 static gint hf_krb_pac_client_info_type = -1;
249 static gint hf_krb_pac_client_claims_info = -1;
250 static gint hf_krb_pac_device_info = -1;
251 static gint hf_krb_pac_device_claims_info = -1;
252 static gint hf_krb_pac_ticket_checksum = -1;
253 static gint hf_krb_pa_supported_enctypes = -1;
254 static gint hf_krb_pa_supported_enctypes_des_cbc_crc = -1;
255 static gint hf_krb_pa_supported_enctypes_des_cbc_md5 = -1;
256 static gint hf_krb_pa_supported_enctypes_rc4_hmac = -1;
257 static gint hf_krb_pa_supported_enctypes_aes128_cts_hmac_sha1_96 = -1;
258 static gint hf_krb_pa_supported_enctypes_aes256_cts_hmac_sha1_96 = -1;
259 static gint hf_krb_pa_supported_enctypes_fast_supported = -1;
260 static gint hf_krb_pa_supported_enctypes_compound_identity_supported = -1;
261 static gint hf_krb_pa_supported_enctypes_claims_supported = -1;
262 static gint hf_krb_pa_supported_enctypes_resource_sid_compression_disabled = -1;
263 static gint hf_krb_ad_ap_options = -1;
test_runstest_2sample()264 static gint hf_krb_ad_ap_options_cbt = -1;
265 static gint hf_krb_ad_target_principal = -1;
266 static gint hf_krb_key_hidden_item = -1;
267 static gint hf_kerberos_KERB_TICKET_LOGON = -1;
268 static gint hf_kerberos_KERB_TICKET_LOGON_MessageType = -1;
269 static gint hf_kerberos_KERB_TICKET_LOGON_Flags = -1;
270 static gint hf_kerberos_KERB_TICKET_LOGON_ServiceTicketLength = -1;
271 static gint hf_kerberos_KERB_TICKET_LOGON_TicketGrantingTicketLength = -1;
272 static gint hf_kerberos_KERB_TICKET_LOGON_ServiceTicket = -1;
273 static gint hf_kerberos_KERB_TICKET_LOGON_TicketGrantingTicket = -1;
274 static gint hf_kerberos_KERB_TICKET_LOGON_FLAG_ALLOW_EXPIRED_TICKET = -1;
275 static gint hf_kerberos_KERB_TICKET_LOGON_FLAG_REDIRECTED = -1;
276 #ifdef HAVE_KERBEROS
277 static gint hf_kerberos_KrbFastResponse = -1;
278 static gint hf_kerberos_strengthen_key = -1;
279 static gint hf_kerberos_finished = -1;
280 static gint hf_kerberos_fast_options = -1;
281 static gint hf_kerberos_ticket_checksum = -1;
282 static gint hf_krb_patimestamp = -1;
283 static gint hf_krb_pausec = -1;
284 static gint hf_kerberos_FastOptions_reserved = -1;
285 static gint hf_kerberos_FastOptions_hide_client_names = -1;
286 static gint hf_kerberos_FastOptions_spare_bit2 = -1;
287 static gint hf_kerberos_FastOptions_spare_bit3 = -1;
test_brunnermunzel_one_sided()288 static gint hf_kerberos_FastOptions_spare_bit4 = -1;
289 static gint hf_kerberos_FastOptions_spare_bit5 = -1;
290 static gint hf_kerberos_FastOptions_spare_bit6 = -1;
291 static gint hf_kerberos_FastOptions_spare_bit7 = -1;
292 static gint hf_kerberos_FastOptions_spare_bit8 = -1;
293 static gint hf_kerberos_FastOptions_spare_bit9 = -1;
294 static gint hf_kerberos_FastOptions_spare_bit10 = -1;
295 static gint hf_kerberos_FastOptions_spare_bit11 = -1;
296 static gint hf_kerberos_FastOptions_spare_bit12 = -1;
297 static gint hf_kerberos_FastOptions_spare_bit13 = -1;
298 static gint hf_kerberos_FastOptions_spare_bit14 = -1;
299 static gint hf_kerberos_FastOptions_spare_bit15 = -1;
300 static gint hf_kerberos_FastOptions_kdc_follow_referrals = -1;
301
302 #endif
303
304 /*--- Included file: packet-kerberos-hf.c ---*/
305 #line 1 "./asn1/kerberos/packet-kerberos-hf.c"
306 static int hf_kerberos_ticket = -1; /* Ticket */
307 static int hf_kerberos_authenticator = -1; /* Authenticator */
308 static int hf_kerberos_encTicketPart = -1; /* EncTicketPart */
309 static int hf_kerberos_as_req = -1; /* AS_REQ */
310 static int hf_kerberos_as_rep = -1; /* AS_REP */
311 static int hf_kerberos_tgs_req = -1; /* TGS_REQ */
312 static int hf_kerberos_tgs_rep = -1; /* TGS_REP */
313 static int hf_kerberos_ap_req = -1; /* AP_REQ */
314 static int hf_kerberos_ap_rep = -1; /* AP_REP */
315 static int hf_kerberos_krb_safe = -1; /* KRB_SAFE */
316 static int hf_kerberos_krb_priv = -1; /* KRB_PRIV */
317 static int hf_kerberos_krb_cred = -1; /* KRB_CRED */
318 static int hf_kerberos_encASRepPart = -1; /* EncASRepPart */
319 static int hf_kerberos_encTGSRepPart = -1; /* EncTGSRepPart */
320 static int hf_kerberos_encAPRepPart = -1; /* EncAPRepPart */
321 static int hf_kerberos_encKrbPrivPart = -1; /* ENC_KRB_PRIV_PART */
322 static int hf_kerberos_encKrbCredPart = -1; /* EncKrbCredPart */
323 static int hf_kerberos_krb_error = -1; /* KRB_ERROR */
324 static int hf_kerberos_name_type = -1; /* NAME_TYPE */
325 static int hf_kerberos_name_string = -1; /* SEQUENCE_OF_KerberosString */
test_brunnermunzel_two_sided()326 static int hf_kerberos_name_string_item = -1; /* KerberosString */
327 static int hf_kerberos_cname_string = -1; /* SEQUENCE_OF_CNameString */
328 static int hf_kerberos_cname_string_item = -1; /* CNameString */
329 static int hf_kerberos_sname_string = -1; /* SEQUENCE_OF_SNameString */
330 static int hf_kerberos_sname_string_item = -1; /* SNameString */
331 static int hf_kerberos_addr_type = -1; /* ADDR_TYPE */
332 static int hf_kerberos_address = -1; /* T_address */
333 static int hf_kerberos_HostAddresses_item = -1; /* HostAddress */
334 static int hf_kerberos_AuthorizationData_item = -1; /* AuthorizationData_item */
335 static int hf_kerberos_ad_type = -1; /* AUTHDATA_TYPE */
336 static int hf_kerberos_ad_data = -1; /* T_ad_data */
337 static int hf_kerberos_padata_type = -1; /* PADATA_TYPE */
338 static int hf_kerberos_padata_value = -1; /* T_padata_value */
339 static int hf_kerberos_keytype = -1; /* T_keytype */
340 static int hf_kerberos_keyvalue = -1; /* T_keyvalue */
341 static int hf_kerberos_cksumtype = -1; /* CKSUMTYPE */
342 static int hf_kerberos_checksum = -1; /* T_checksum */
343 static int hf_kerberos_etype = -1; /* ENCTYPE */
344 static int hf_kerberos_kvno = -1; /* UInt32 */
345 static int hf_kerberos_encryptedTicketData_cipher = -1; /* T_encryptedTicketData_cipher */
346 static int hf_kerberos_encryptedAuthorizationData_cipher = -1; /* T_encryptedAuthorizationData_cipher */
347 static int hf_kerberos_encryptedAuthenticator_cipher = -1; /* T_encryptedAuthenticator_cipher */
348 static int hf_kerberos_encryptedKDCREPData_cipher = -1; /* T_encryptedKDCREPData_cipher */
349 static int hf_kerberos_encryptedAPREPData_cipher = -1; /* T_encryptedAPREPData_cipher */
350 static int hf_kerberos_encryptedKrbPrivData_cipher = -1; /* T_encryptedKrbPrivData_cipher */
351 static int hf_kerberos_encryptedKrbCredData_cipher = -1; /* T_encryptedKrbCredData_cipher */
352 static int hf_kerberos_tkt_vno = -1; /* INTEGER_5 */
353 static int hf_kerberos_realm = -1; /* Realm */
354 static int hf_kerberos_sname = -1; /* SName */
355 static int hf_kerberos_ticket_enc_part = -1; /* EncryptedTicketData */
356 static int hf_kerberos_flags = -1; /* TicketFlags */
test_rank_compare_2indep1()357 static int hf_kerberos_encTicketPart_key = -1; /* T_encTicketPart_key */
358 static int hf_kerberos_crealm = -1; /* Realm */
359 static int hf_kerberos_cname = -1; /* CName */
360 static int hf_kerberos_transited = -1; /* TransitedEncoding */
361 static int hf_kerberos_authtime = -1; /* KerberosTime */
362 static int hf_kerberos_starttime = -1; /* KerberosTime */
363 static int hf_kerberos_endtime = -1; /* KerberosTime */
364 static int hf_kerberos_renew_till = -1; /* KerberosTime */
365 static int hf_kerberos_caddr = -1; /* HostAddresses */
366 static int hf_kerberos_authorization_data = -1; /* AuthorizationData */
367 static int hf_kerberos_tr_type = -1; /* Int32 */
368 static int hf_kerberos_contents = -1; /* OCTET_STRING */
369 static int hf_kerberos_pvno = -1; /* INTEGER_5 */
370 static int hf_kerberos_msg_type = -1; /* MESSAGE_TYPE */
371 static int hf_kerberos_padata = -1; /* SEQUENCE_OF_PA_DATA */
372 static int hf_kerberos_padata_item = -1; /* PA_DATA */
373 static int hf_kerberos_req_body = -1; /* KDC_REQ_BODY */
374 static int hf_kerberos_kdc_options = -1; /* KDCOptions */
375 static int hf_kerberos_from = -1; /* KerberosTime */
376 static int hf_kerberos_till = -1; /* KerberosTime */
377 static int hf_kerberos_rtime = -1; /* KerberosTime */
378 static int hf_kerberos_nonce = -1; /* UInt32 */
379 static int hf_kerberos_kDC_REQ_BODY_etype = -1; /* SEQUENCE_OF_ENCTYPE */
380 static int hf_kerberos_kDC_REQ_BODY_etype_item = -1; /* ENCTYPE */
381 static int hf_kerberos_addresses = -1; /* HostAddresses */
382 static int hf_kerberos_enc_authorization_data = -1; /* EncryptedAuthorizationData */
383 static int hf_kerberos_additional_tickets = -1; /* SEQUENCE_OF_Ticket */
384 static int hf_kerberos_additional_tickets_item = -1; /* Ticket */
385 static int hf_kerberos_kDC_REP_enc_part = -1; /* EncryptedKDCREPData */
386 static int hf_kerberos_encKDCRepPart_key = -1; /* T_encKDCRepPart_key */
387 static int hf_kerberos_last_req = -1; /* LastReq */
388 static int hf_kerberos_key_expiration = -1; /* KerberosTime */
389 static int hf_kerberos_srealm = -1; /* Realm */
390 static int hf_kerberos_encrypted_pa_data = -1; /* T_encrypted_pa_data */
391 static int hf_kerberos_LastReq_item = -1; /* LastReq_item */
392 static int hf_kerberos_lr_type = -1; /* LR_TYPE */
393 static int hf_kerberos_lr_value = -1; /* KerberosTime */
394 static int hf_kerberos_ap_options = -1; /* APOptions */
395 static int hf_kerberos_authenticator_enc_part = -1; /* EncryptedAuthenticator */
396 static int hf_kerberos_authenticator_vno = -1; /* INTEGER_5 */
397 static int hf_kerberos_cksum = -1; /* Checksum */
398 static int hf_kerberos_cusec = -1; /* Microseconds */
399 static int hf_kerberos_ctime = -1; /* KerberosTime */
400 static int hf_kerberos_authenticator_subkey = -1; /* T_authenticator_subkey */
401 static int hf_kerberos_seq_number = -1; /* UInt32 */
402 static int hf_kerberos_aP_REP_enc_part = -1; /* EncryptedAPREPData */
403 static int hf_kerberos_encAPRepPart_subkey = -1; /* T_encAPRepPart_subkey */
404 static int hf_kerberos_safe_body = -1; /* KRB_SAFE_BODY */
405 static int hf_kerberos_kRB_SAFE_BODY_user_data = -1; /* T_kRB_SAFE_BODY_user_data */
406 static int hf_kerberos_timestamp = -1; /* KerberosTime */
407 static int hf_kerberos_usec = -1; /* Microseconds */
408 static int hf_kerberos_s_address = -1; /* HostAddress */
409 static int hf_kerberos_r_address = -1; /* HostAddress */
410 static int hf_kerberos_kRB_PRIV_enc_part = -1; /* EncryptedKrbPrivData */
411 static int hf_kerberos_encKrbPrivPart_user_data = -1; /* T_encKrbPrivPart_user_data */
412 static int hf_kerberos_tickets = -1; /* SEQUENCE_OF_Ticket */
413 static int hf_kerberos_tickets_item = -1; /* Ticket */
414 static int hf_kerberos_kRB_CRED_enc_part = -1; /* EncryptedKrbCredData */
415 static int hf_kerberos_ticket_info = -1; /* SEQUENCE_OF_KrbCredInfo */
416 static int hf_kerberos_ticket_info_item = -1; /* KrbCredInfo */
417 static int hf_kerberos_krbCredInfo_key = -1; /* T_krbCredInfo_key */
418 static int hf_kerberos_prealm = -1; /* Realm */
419 static int hf_kerberos_pname = -1; /* PrincipalName */
420 static int hf_kerberos_stime = -1; /* KerberosTime */
421 static int hf_kerberos_susec = -1; /* Microseconds */
422 static int hf_kerberos_error_code = -1; /* ERROR_CODE */
423 static int hf_kerberos_e_text = -1; /* KerberosString */
424 static int hf_kerberos_e_data = -1; /* T_e_data */
425 static int hf_kerberos_e_checksum = -1; /* Checksum */
426 static int hf_kerberos_METHOD_DATA_item = -1; /* PA_DATA */
427 static int hf_kerberos_pA_ENC_TIMESTAMP_cipher = -1; /* T_pA_ENC_TIMESTAMP_cipher */
428 static int hf_kerberos_info_salt = -1; /* OCTET_STRING */
429 static int hf_kerberos_ETYPE_INFO_item = -1; /* ETYPE_INFO_ENTRY */
430 static int hf_kerberos_info2_salt = -1; /* KerberosString */
431 static int hf_kerberos_s2kparams = -1; /* OCTET_STRING */
432 static int hf_kerberos_ETYPE_INFO2_item = -1; /* ETYPE_INFO2_ENTRY */
433 static int hf_kerberos_server_name = -1; /* PrincipalName */
434 static int hf_kerberos_include_pac = -1; /* BOOLEAN */
435 static int hf_kerberos_name = -1; /* PrincipalName */
436 static int hf_kerberos_auth = -1; /* GeneralString */
437 static int hf_kerberos_user_id = -1; /* S4UUserID */
438 static int hf_kerberos_checksum_01 = -1; /* Checksum */
439 static int hf_kerberos_cname_01 = -1; /* PrincipalName */
440 static int hf_kerberos_subject_certificate = -1; /* T_subject_certificate */
test_rank_compare_ord()441 static int hf_kerberos_options = -1; /* BIT_STRING */
442 static int hf_kerberos_flags_01 = -1; /* PAC_OPTIONS_FLAGS */
443 static int hf_kerberos_restriction_type = -1; /* Int32 */
444 static int hf_kerberos_restriction = -1; /* OCTET_STRING */
445 static int hf_kerberos_PA_KERB_KEY_LIST_REQ_item = -1; /* ENCTYPE */
446 static int hf_kerberos_kerbKeyListRep_key = -1; /* PA_KERB_KEY_LIST_REP_item */
447 static int hf_kerberos_newpasswd = -1; /* OCTET_STRING */
448 static int hf_kerberos_targname = -1; /* PrincipalName */
449 static int hf_kerberos_targrealm = -1; /* Realm */
450 static int hf_kerberos_pa_type = -1; /* PADATA_TYPE */
451 static int hf_kerberos_pa_hint = -1; /* OCTET_STRING */
452 static int hf_kerberos_pa_value = -1; /* OCTET_STRING */
453 static int hf_kerberos_armor_type = -1; /* KrbFastArmorTypes */
454 static int hf_kerberos_armor_value = -1; /* T_armor_value */
455 static int hf_kerberos_armored_data_request = -1; /* KrbFastArmoredReq */
456 static int hf_kerberos_encryptedKrbFastReq_cipher = -1; /* T_encryptedKrbFastReq_cipher */
457 static int hf_kerberos_armor = -1; /* KrbFastArmor */
458 static int hf_kerberos_req_checksum = -1; /* Checksum */
459 static int hf_kerberos_enc_fast_req = -1; /* EncryptedKrbFastReq */
460 static int hf_kerberos_armored_data_reply = -1; /* KrbFastArmoredRep */
test_rank_compare_vectorized()461 static int hf_kerberos_encryptedKrbFastResponse_cipher = -1; /* T_encryptedKrbFastResponse_cipher */
462 static int hf_kerberos_enc_fast_rep = -1; /* EncryptedKrbFastResponse */
463 static int hf_kerberos_encryptedChallenge_cipher = -1; /* T_encryptedChallenge_cipher */
464 static int hf_kerberos_cipher = -1; /* OCTET_STRING */
465 static int hf_kerberos_groups = -1; /* SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup */
466 static int hf_kerberos_groups_item = -1; /* SPAKEGroup */
467 static int hf_kerberos_group = -1; /* SPAKEGroup */
468 static int hf_kerberos_pubkey = -1; /* OCTET_STRING */
469 static int hf_kerberos_factors = -1; /* SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor */
470 static int hf_kerberos_factors_item = -1; /* SPAKESecondFactor */
471 static int hf_kerberos_type = -1; /* SPAKESecondFactorType */
472 static int hf_kerberos_data = -1; /* OCTET_STRING */
473 static int hf_kerberos_factor = -1; /* EncryptedSpakeResponseData */
474 static int hf_kerberos_support = -1; /* SPAKESupport */
475 static int hf_kerberos_challenge = -1; /* SPAKEChallenge */
476 static int hf_kerberos_response = -1; /* SPAKEResponse */
477 static int hf_kerberos_encdata = -1; /* EncryptedSpakeData */
478 /* named bits */
479 static int hf_kerberos_APOptions_reserved = -1;
480 static int hf_kerberos_APOptions_use_session_key = -1;
481 static int hf_kerberos_APOptions_mutual_required = -1;
482 static int hf_kerberos_TicketFlags_reserved = -1;
483 static int hf_kerberos_TicketFlags_forwardable = -1;
484 static int hf_kerberos_TicketFlags_forwarded = -1;
485 static int hf_kerberos_TicketFlags_proxiable = -1;
486 static int hf_kerberos_TicketFlags_proxy = -1;
487 static int hf_kerberos_TicketFlags_may_postdate = -1;
488 static int hf_kerberos_TicketFlags_postdated = -1;
489 static int hf_kerberos_TicketFlags_invalid = -1;
490 static int hf_kerberos_TicketFlags_renewable = -1;
491 static int hf_kerberos_TicketFlags_initial = -1;
492 static int hf_kerberos_TicketFlags_pre_authent = -1;
493 static int hf_kerberos_TicketFlags_hw_authent = -1;
494 static int hf_kerberos_TicketFlags_transited_policy_checked = -1;
495 static int hf_kerberos_TicketFlags_ok_as_delegate = -1;
496 static int hf_kerberos_TicketFlags_unused = -1;
497 static int hf_kerberos_TicketFlags_enc_pa_rep = -1;
498 static int hf_kerberos_TicketFlags_anonymous = -1;
499 static int hf_kerberos_KDCOptions_reserved = -1;
500 static int hf_kerberos_KDCOptions_forwardable = -1;
501 static int hf_kerberos_KDCOptions_forwarded = -1;
502 static int hf_kerberos_KDCOptions_proxiable = -1;
503 static int hf_kerberos_KDCOptions_proxy = -1;
504 static int hf_kerberos_KDCOptions_allow_postdate = -1;
505 static int hf_kerberos_KDCOptions_postdated = -1;
506 static int hf_kerberos_KDCOptions_unused7 = -1;
507 static int hf_kerberos_KDCOptions_renewable = -1;
508 static int hf_kerberos_KDCOptions_unused9 = -1;
509 static int hf_kerberos_KDCOptions_unused10 = -1;
510 static int hf_kerberos_KDCOptions_opt_hardware_auth = -1;
511 static int hf_kerberos_KDCOptions_unused12 = -1;
512 static int hf_kerberos_KDCOptions_unused13 = -1;
513 static int hf_kerberos_KDCOptions_constrained_delegation = -1;
514 static int hf_kerberos_KDCOptions_canonicalize = -1;
515 static int hf_kerberos_KDCOptions_request_anonymous = -1;
516 static int hf_kerberos_KDCOptions_unused17 = -1;
517 static int hf_kerberos_KDCOptions_unused18 = -1;
518 static int hf_kerberos_KDCOptions_unused19 = -1;
519 static int hf_kerberos_KDCOptions_unused20 = -1;
520 static int hf_kerberos_KDCOptions_unused21 = -1;
521 static int hf_kerberos_KDCOptions_unused22 = -1;
522 static int hf_kerberos_KDCOptions_unused23 = -1;
523 static int hf_kerberos_KDCOptions_unused24 = -1;
524 static int hf_kerberos_KDCOptions_unused25 = -1;
525 static int hf_kerberos_KDCOptions_disable_transited_check = -1;
526 static int hf_kerberos_KDCOptions_renewable_ok = -1;
527 static int hf_kerberos_KDCOptions_enc_tkt_in_skey = -1;
528 static int hf_kerberos_KDCOptions_unused29 = -1;
529 static int hf_kerberos_KDCOptions_renew = -1;
530 static int hf_kerberos_KDCOptions_validate = -1;
531 static int hf_kerberos_PAC_OPTIONS_FLAGS_claims = -1;
532 static int hf_kerberos_PAC_OPTIONS_FLAGS_branch_aware = -1;
533 static int hf_kerberos_PAC_OPTIONS_FLAGS_forward_to_full_dc = -1;
534 static int hf_kerberos_PAC_OPTIONS_FLAGS_resource_based_constrained_delegation = -1;
535
536 /*--- End of included file: packet-kerberos-hf.c ---*/
537 #line 296 "./asn1/kerberos/packet-kerberos-template.c"
538
539 /* Initialize the subtree pointers */
540 static gint ett_kerberos = -1;
541 static gint ett_krb_recordmark = -1;
542 static gint ett_krb_pac = -1;
543 static gint ett_krb_pac_drep = -1;
544 static gint ett_krb_pac_midl_blob = -1;
545 static gint ett_krb_pac_logon_info = -1;
546 static gint ett_krb_pac_credential_info = -1;
547 static gint ett_krb_pac_s4u_delegation_info = -1;
548 static gint ett_krb_pac_upn_dns_info = -1;
549 static gint ett_krb_pac_device_info = -1;
550 static gint ett_krb_pac_server_checksum = -1;
551 static gint ett_krb_pac_privsvr_checksum = -1;
552 static gint ett_krb_pac_client_info_type = -1;
553 static gint ett_krb_pac_ticket_checksum = -1;
554 static gint ett_krb_pa_supported_enctypes = -1;
555 static gint ett_krb_ad_ap_options = -1;
556 static gint ett_kerberos_KERB_TICKET_LOGON = -1;
557 #ifdef HAVE_KERBEROS
558 static gint ett_krb_pa_enc_ts_enc = -1;
559 static gint ett_kerberos_KrbFastFinished = -1;
560 static gint ett_kerberos_KrbFastResponse = -1;
561 static gint ett_kerberos_KrbFastReq = -1;
562 static gint ett_kerberos_FastOptions = -1;
563 #endif
564
565 /*--- Included file: packet-kerberos-ett.c ---*/
566 #line 1 "./asn1/kerberos/packet-kerberos-ett.c"
567 static gint ett_kerberos_Applications = -1;
568 static gint ett_kerberos_PrincipalName = -1;
569 static gint ett_kerberos_SEQUENCE_OF_KerberosString = -1;
570 static gint ett_kerberos_CName = -1;
571 static gint ett_kerberos_SEQUENCE_OF_CNameString = -1;
572 static gint ett_kerberos_SName = -1;
573 static gint ett_kerberos_SEQUENCE_OF_SNameString = -1;
574 static gint ett_kerberos_HostAddress = -1;
575 static gint ett_kerberos_HostAddresses = -1;
576 static gint ett_kerberos_AuthorizationData = -1;
577 static gint ett_kerberos_AuthorizationData_item = -1;
578 static gint ett_kerberos_PA_DATA = -1;
579 static gint ett_kerberos_EncryptionKey = -1;
580 static gint ett_kerberos_Checksum = -1;
581 static gint ett_kerberos_EncryptedTicketData = -1;
582 static gint ett_kerberos_EncryptedAuthorizationData = -1;
583 static gint ett_kerberos_EncryptedAuthenticator = -1;
584 static gint ett_kerberos_EncryptedKDCREPData = -1;
585 static gint ett_kerberos_EncryptedAPREPData = -1;
586 static gint ett_kerberos_EncryptedKrbPrivData = -1;
587 static gint ett_kerberos_EncryptedKrbCredData = -1;
588 static gint ett_kerberos_Ticket_U = -1;
589 static gint ett_kerberos_EncTicketPart_U = -1;
590 static gint ett_kerberos_TransitedEncoding = -1;
591 static gint ett_kerberos_KDC_REQ = -1;
592 static gint ett_kerberos_SEQUENCE_OF_PA_DATA = -1;
593 static gint ett_kerberos_KDC_REQ_BODY = -1;
594 static gint ett_kerberos_SEQUENCE_OF_ENCTYPE = -1;
595 static gint ett_kerberos_SEQUENCE_OF_Ticket = -1;
596 static gint ett_kerberos_KDC_REP = -1;
597 static gint ett_kerberos_EncKDCRepPart = -1;
598 static gint ett_kerberos_LastReq = -1;
599 static gint ett_kerberos_LastReq_item = -1;
600 static gint ett_kerberos_AP_REQ_U = -1;
601 static gint ett_kerberos_Authenticator_U = -1;
602 static gint ett_kerberos_AP_REP_U = -1;
603 static gint ett_kerberos_EncAPRepPart_U = -1;
604 static gint ett_kerberos_KRB_SAFE_U = -1;
605 static gint ett_kerberos_KRB_SAFE_BODY = -1;
606 static gint ett_kerberos_KRB_PRIV_U = -1;
607 static gint ett_kerberos_EncKrbPrivPart = -1;
608 static gint ett_kerberos_KRB_CRED_U = -1;
609 static gint ett_kerberos_EncKrbCredPart_U = -1;
610 static gint ett_kerberos_SEQUENCE_OF_KrbCredInfo = -1;
611 static gint ett_kerberos_KrbCredInfo = -1;
612 static gint ett_kerberos_KRB_ERROR_U = -1;
613 static gint ett_kerberos_METHOD_DATA = -1;
614 static gint ett_kerberos_PA_ENC_TIMESTAMP = -1;
615 static gint ett_kerberos_ETYPE_INFO_ENTRY = -1;
616 static gint ett_kerberos_ETYPE_INFO = -1;
617 static gint ett_kerberos_ETYPE_INFO2_ENTRY = -1;
618 static gint ett_kerberos_ETYPE_INFO2 = -1;
619 static gint ett_kerberos_TGT_REQ = -1;
620 static gint ett_kerberos_TGT_REP = -1;
621 static gint ett_kerberos_APOptions = -1;
622 static gint ett_kerberos_TicketFlags = -1;
623 static gint ett_kerberos_KDCOptions = -1;
624 static gint ett_kerberos_PA_PAC_REQUEST = -1;
625 static gint ett_kerberos_PA_S4U2Self = -1;
626 static gint ett_kerberos_PA_S4U_X509_USER = -1;
627 static gint ett_kerberos_S4UUserID = -1;
628 static gint ett_kerberos_PAC_OPTIONS_FLAGS = -1;
629 static gint ett_kerberos_PA_PAC_OPTIONS = -1;
630 static gint ett_kerberos_KERB_AD_RESTRICTION_ENTRY_U = -1;
631 static gint ett_kerberos_PA_KERB_KEY_LIST_REQ = -1;
632 static gint ett_kerberos_PA_KERB_KEY_LIST_REP = -1;
633 static gint ett_kerberos_ChangePasswdData = -1;
634 static gint ett_kerberos_PA_AUTHENTICATION_SET_ELEM = -1;
635 static gint ett_kerberos_KrbFastArmor = -1;
636 static gint ett_kerberos_PA_FX_FAST_REQUEST = -1;
637 static gint ett_kerberos_EncryptedKrbFastReq = -1;
638 static gint ett_kerberos_KrbFastArmoredReq = -1;
639 static gint ett_kerberos_PA_FX_FAST_REPLY = -1;
640 static gint ett_kerberos_EncryptedKrbFastResponse = -1;
641 static gint ett_kerberos_KrbFastArmoredRep = -1;
642 static gint ett_kerberos_EncryptedChallenge = -1;
643 static gint ett_kerberos_EncryptedSpakeData = -1;
644 static gint ett_kerberos_EncryptedSpakeResponseData = -1;
645 static gint ett_kerberos_SPAKESupport = -1;
646 static gint ett_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup = -1;
647 static gint ett_kerberos_SPAKEChallenge = -1;
648 static gint ett_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor = -1;
649 static gint ett_kerberos_SPAKESecondFactor = -1;
650 static gint ett_kerberos_SPAKEResponse = -1;
651 static gint ett_kerberos_PA_SPAKE = -1;
652
653 /*--- End of included file: packet-kerberos-ett.c ---*/
654 #line 323 "./asn1/kerberos/packet-kerberos-template.c"
655
656 static expert_field ei_kerberos_missing_keytype = EI_INIT;
657 static expert_field ei_kerberos_decrypted_keytype = EI_INIT;
658 static expert_field ei_kerberos_learnt_keytype = EI_INIT;
659 static expert_field ei_kerberos_address = EI_INIT;
660 static expert_field ei_krb_gssapi_dlglen = EI_INIT;
661
662 static dissector_handle_t krb4_handle=NULL;
663
664 /* Global variables */
665 static guint32 gbl_keytype;
666 static gboolean gbl_do_col_info;
667
668
669 /*--- Included file: packet-kerberos-val.h ---*/
670 #line 1 "./asn1/kerberos/packet-kerberos-val.h"
671 #define id_krb5 "1.3.6.1.5.2"
672
673 typedef enum _KERBEROS_AUTHDATA_TYPE_enum {
674 KERBEROS_AD_IF_RELEVANT = 1,
675 KERBEROS_AD_INTENDED_FOR_SERVER = 2,
676 KERBEROS_AD_INTENDED_FOR_APPLICATION_CLASS = 3,
677 KERBEROS_AD_KDC_ISSUED = 4,
678 KERBEROS_AD_AND_OR = 5,
679 KERBEROS_AD_MANDATORY_TICKET_EXTENSIONS = 6,
680 KERBEROS_AD_IN_TICKET_EXTENSIONS = 7,
681 KERBEROS_AD_MANDATORY_FOR_KDC = 8,
682 KERBEROS_AD_INITIAL_VERIFIED_CAS = 9,
683 KERBEROS_AD_OSF_DCE = 64,
684 KERBEROS_AD_SESAME = 65,
685 KERBEROS_AD_OSF_DCE_PKI_CERTID = 66,
686 KERBEROS_AD_AUTHENTICATION_STRENGTH = 70,
687 KERBEROS_AD_FX_FAST_ARMOR = 71,
688 KERBEROS_AD_FX_FAST_USED = 72,
689 KERBEROS_AD_WIN2K_PAC = 128,
690 KERBEROS_AD_GSS_API_ETYPE_NEGOTIATION = 129,
691 KERBEROS_AD_TOKEN_RESTRICTIONS = 141,
692 KERBEROS_AD_LOCAL = 142,
693 KERBEROS_AD_AP_OPTIONS = 143,
694 KERBEROS_AD_TARGET_PRINCIPAL = 144,
695 KERBEROS_AD_SIGNTICKET_OLDER = -17,
696 KERBEROS_AD_SIGNTICKET = 512
697 } KERBEROS_AUTHDATA_TYPE_enum;
698
699 /* enumerated values for ADDR_TYPE */
700 #define KERBEROS_ADDR_TYPE_IPV4 2
701 #define KERBEROS_ADDR_TYPE_CHAOS 5
702 #define KERBEROS_ADDR_TYPE_XEROX 6
703 #define KERBEROS_ADDR_TYPE_ISO 7
704 #define KERBEROS_ADDR_TYPE_DECNET 12
705 #define KERBEROS_ADDR_TYPE_APPLETALK 16
706 #define KERBEROS_ADDR_TYPE_NETBIOS 20
707 #define KERBEROS_ADDR_TYPE_IPV6 24
708
709 typedef enum _KERBEROS_PADATA_TYPE_enum {
710 KERBEROS_PA_NONE = 0,
711 KERBEROS_PA_TGS_REQ = 1,
712 KERBEROS_PA_ENC_TIMESTAMP = 2,
713 KERBEROS_PA_PW_SALT = 3,
714 KERBEROS_PA_ENC_UNIX_TIME = 5,
715 KERBEROS_PA_SANDIA_SECUREID = 6,
716 KERBEROS_PA_SESAME = 7,
717 KERBEROS_PA_OSF_DCE = 8,
718 KERBEROS_PA_CYBERSAFE_SECUREID = 9,
719 KERBEROS_PA_AFS3_SALT = 10,
720 KERBEROS_PA_ETYPE_INFO = 11,
721 KERBEROS_PA_SAM_CHALLENGE = 12,
722 KERBEROS_PA_SAM_RESPONSE = 13,
723 KERBEROS_PA_PK_AS_REQ_19 = 14,
724 KERBEROS_PA_PK_AS_REP_19 = 15,
725 KERBEROS_PA_PK_AS_REQ = 16,
726 KERBEROS_PA_PK_AS_REP = 17,
727 KERBEROS_PA_PK_OCSP_RESPONSE = 18,
728 KERBEROS_PA_ETYPE_INFO2 = 19,
729 KERBEROS_PA_USE_SPECIFIED_KVNO = 20,
730 KERBEROS_PA_SAM_REDIRECT = 21,
731 KERBEROS_PA_GET_FROM_TYPED_DATA = 22,
732 KERBEROS_TD_PADATA = 22,
733 KERBEROS_PA_SAM_ETYPE_INFO = 23,
734 KERBEROS_PA_ALT_PRINC = 24,
735 KERBEROS_PA_SERVER_REFERRAL = 25,
736 KERBEROS_PA_SAM_CHALLENGE2 = 30,
737 KERBEROS_PA_SAM_RESPONSE2 = 31,
738 KERBEROS_PA_EXTRA_TGT = 41,
739 KERBEROS_TD_PKINIT_CMS_CERTIFICATES = 101,
740 KERBEROS_TD_KRB_PRINCIPAL = 102,
741 KERBEROS_TD_KRB_REALM = 103,
742 KERBEROS_TD_TRUSTED_CERTIFIERS = 104,
743 KERBEROS_TD_CERTIFICATE_INDEX = 105,
744 KERBEROS_TD_APP_DEFINED_ERROR = 106,
745 KERBEROS_TD_REQ_NONCE = 107,
746 KERBEROS_TD_REQ_SEQ = 108,
747 KERBEROS_TD_DH_PARAMETERS = 109,
748 KERBEROS_TD_CMS_DIGEST_ALGORITHMS = 111,
749 KERBEROS_TD_CERT_DIGEST_ALGORITHMS = 112,
750 KERBEROS_PA_PAC_REQUEST = 128,
751 KERBEROS_PA_FOR_USER = 129,
752 KERBEROS_PA_FOR_X509_USER = 130,
753 KERBEROS_PA_FOR_CHECK_DUPS = 131,
754 KERBEROS_PA_PK_AS_09_BINDING = 132,
755 KERBEROS_PA_FX_COOKIE = 133,
756 KERBEROS_PA_AUTHENTICATION_SET = 134,
757 KERBEROS_PA_AUTH_SET_SELECTED = 135,
758 KERBEROS_PA_FX_FAST = 136,
759 KERBEROS_PA_FX_ERROR = 137,
760 KERBEROS_PA_ENCRYPTED_CHALLENGE = 138,
761 KERBEROS_PA_OTP_CHALLENGE = 141,
762 KERBEROS_PA_OTP_REQUEST = 142,
763 KERBEROS_PA_OTP_CONFIRM = 143,
764 KERBEROS_PA_OTP_PIN_CHANGE = 144,
765 KERBEROS_PA_EPAK_AS_REQ = 145,
766 KERBEROS_PA_EPAK_AS_REP = 146,
767 KERBEROS_PA_PKINIT_KX = 147,
768 KERBEROS_PA_PKU2U_NAME = 148,
769 KERBEROS_PA_REQ_ENC_PA_REP = 149,
770 KERBEROS_PA_SPAKE = 151,
771 KERBEROS_PA_KERB_KEY_LIST_REQ = 161,
772 KERBEROS_PA_KERB_KEY_LIST_REP = 162,
773 KERBEROS_PA_SUPPORTED_ETYPES = 165,
774 KERBEROS_PA_EXTENDED_ERROR = 166,
775 KERBEROS_PA_PAC_OPTIONS = 167,
776 KERBEROS_PA_PROV_SRV_LOCATION = -1
777 } KERBEROS_PADATA_TYPE_enum;
778
779 typedef enum _KERBEROS_KRBFASTARMORTYPES_enum {
780 KERBEROS_FX_FAST_RESERVED = 0,
781 KERBEROS_FX_FAST_ARMOR_AP_REQUEST = 1
782 } KERBEROS_KRBFASTARMORTYPES_enum;
783
784 /*--- End of included file: packet-kerberos-val.h ---*/
785 #line 337 "./asn1/kerberos/packet-kerberos-template.c"
786
787 static void
788 call_kerberos_callbacks(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int tag, kerberos_callbacks *cb)
789 {
790 if(!cb){
791 return;
792 }
793
794 while(cb->tag){
795 if(cb->tag==tag){
796 cb->callback(pinfo, tvb, tree);
797 return;
798 }
799 cb++;
800 }
801 return;
802 }
803
804 static kerberos_private_data_t*
805 kerberos_new_private_data(packet_info *pinfo)
806 {
807 kerberos_private_data_t *p;
808
809 p = wmem_new0(pinfo->pool, kerberos_private_data_t);
810 if (p == NULL) {
811 return NULL;
812 }
813
814 p->decryption_keys = wmem_list_new(pinfo->pool);
815 p->learnt_keys = wmem_list_new(pinfo->pool);
816 p->missing_keys = wmem_list_new(pinfo->pool);
817
818 return p;
819 }
820
821 static kerberos_private_data_t*
822 kerberos_get_private_data(asn1_ctx_t *actx)
823 {
824 if (!actx->private_data) {
825 actx->private_data = kerberos_new_private_data(actx->pinfo);
826 }
827 return (kerberos_private_data_t *)(actx->private_data);
828 }
829
830 static gboolean
831 kerberos_private_is_kdc_req(kerberos_private_data_t *private_data)
832 {
833 switch (private_data->msg_type) {
834 case KERBEROS_APPLICATIONS_AS_REQ:
835 case KERBEROS_APPLICATIONS_TGS_REQ:
836 return TRUE;
837 }
838
839 return FALSE;
840 }
841
842 gboolean
843 kerberos_is_win2k_pkinit(asn1_ctx_t *actx)
844 {
845 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
846
847 return private_data->is_win2k_pkinit;
848 }
849
850 #ifdef HAVE_KERBEROS
851
852 /* Decrypt Kerberos blobs */
853 gboolean krb_decrypt = FALSE;
854
855 /* keytab filename */
856 static const char *keytab_filename = "";
857
858 void
859 read_keytab_file_from_preferences(void)
860 {
861 static char *last_keytab = NULL;
862
863 if (!krb_decrypt) {
864 return;
865 }
866
867 if (keytab_filename == NULL) {
868 return;
869 }
870
871 if (last_keytab && !strcmp(last_keytab, keytab_filename)) {
872 return;
873 }
874
875 g_free(last_keytab);
876 last_keytab = g_strdup(keytab_filename);
877
878 read_keytab_file(last_keytab);
879 }
880 #endif /* HAVE_KERBEROS */
881
882 #if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
883 enc_key_t *enc_key_list=NULL;
884 static guint kerberos_longterm_ids = 0;
885 wmem_map_t *kerberos_longterm_keys = NULL;
886 static wmem_map_t *kerberos_all_keys = NULL;
887 static wmem_map_t *kerberos_app_session_keys = NULL;
888
889 static gboolean
890 enc_key_list_cb(wmem_allocator_t* allocator _U_, wmem_cb_event_t event _U_, void *user_data _U_)
891 {
892 enc_key_list = NULL;
893 kerberos_longterm_ids = 0;
894 /* keep the callback registered */
895 return TRUE;
896 }
897
898 static gint enc_key_cmp_id(gconstpointer k1, gconstpointer k2)
899 {
900 const enc_key_t *key1 = (const enc_key_t *)k1;
901 const enc_key_t *key2 = (const enc_key_t *)k2;
902
903 if (key1->fd_num < key2->fd_num) {
904 return -1;
905 }
906 if (key1->fd_num > key2->fd_num) {
907 return 1;
908 }
909
910 if (key1->id < key2->id) {
911 return -1;
912 }
913 if (key1->id > key2->id) {
914 return 1;
915 }
916
917 return 0;
918 }
919
920 static gboolean
921 enc_key_content_equal(gconstpointer k1, gconstpointer k2)
922 {
923 const enc_key_t *key1 = (const enc_key_t *)k1;
924 const enc_key_t *key2 = (const enc_key_t *)k2;
925 int cmp;
926
927 if (key1->keytype != key2->keytype) {
928 return FALSE;
929 }
930
931 if (key1->keylength != key2->keylength) {
932 return FALSE;
933 }
934
935 cmp = memcmp(key1->keyvalue, key2->keyvalue, key1->keylength);
936 if (cmp != 0) {
937 return FALSE;
938 }
939
940 return TRUE;
941 }
942
943 static guint
944 enc_key_content_hash(gconstpointer k)
945 {
946 const enc_key_t *key = (const enc_key_t *)k;
947 guint ret = 0;
948
949 ret += wmem_strong_hash((const guint8 *)&key->keytype,
950 sizeof(key->keytype));
951 ret += wmem_strong_hash((const guint8 *)&key->keylength,
952 sizeof(key->keylength));
953 ret += wmem_strong_hash((const guint8 *)key->keyvalue,
954 key->keylength);
955
956 return ret;
957 }
958
959 static void
960 kerberos_key_map_insert(wmem_map_t *key_map, enc_key_t *new_key)
961 {
962 enc_key_t *existing = NULL;
963 enc_key_t *cur = NULL;
964 gint cmp;
965
966 existing = (enc_key_t *)wmem_map_lookup(key_map, new_key);
967 if (existing == NULL) {
968 wmem_map_insert(key_map, new_key, new_key);
969 return;
970 }
971
972 if (key_map != kerberos_all_keys) {
973 /*
974 * It should already be linked to the existing key...
975 */
976 return;
977 }
978
979 if (existing->fd_num == -1 && new_key->fd_num != -1) {
980 /*
981 * We can't reference a learnt key
982 * from a longterm key. As they have
983 * a shorter lifetime.
984 *
985 * So just let the learnt key remember the
986 * match.
987 */
988 new_key->same_list = existing;
989 new_key->num_same = existing->num_same + 1;
990 return;
991 }
992
993 /*
994 * If a key with the same content (keytype,keylength,keyvalue)
995 * already exists, we want the earliest key to be
996 * in the list.
997 */
998 cmp = enc_key_cmp_id(new_key, existing);
999 if (cmp == 0) {
1000 /*
1001 * It's the same, nothing to do...
1002 */
1003 return;
1004 }
1005 if (cmp < 0) {
1006 /* The new key has should be added to the list. */
1007 new_key->same_list = existing;
1008 new_key->num_same = existing->num_same + 1;
1009 wmem_map_insert(key_map, new_key, new_key);
1010 return;
1011 }
1012
1013 /*
1014 * We want to link the new_key to the existing one.
1015 *
1016 * But we want keep the list sorted, so we need to forward
1017 * to the correct spot.
1018 */
1019 for (cur = existing; cur->same_list != NULL; cur = cur->same_list) {
1020 cmp = enc_key_cmp_id(new_key, cur->same_list);
1021 if (cmp == 0) {
1022 /*
1023 * It's the same, nothing to do...
1024 */
1025 return;
1026 }
1027
1028 if (cmp < 0) {
1029 /*
1030 * We found the correct spot,
1031 * the new_key should added
1032 * between existing and existing->same_list
1033 */
1034 new_key->same_list = cur->same_list;
1035 new_key->num_same = cur->num_same;
1036 break;
1037 }
1038 }
1039
1040 /*
1041 * finally link new_key to existing
1042 * and fix up the numbers
1043 */
1044 cur->same_list = new_key;
1045 for (cur = existing; cur != new_key; cur = cur->same_list) {
1046 cur->num_same += 1;
1047 }
1048
1049 return;
1050 }
1051
1052 struct insert_longterm_keys_into_key_map_state {
1053 wmem_map_t *key_map;
1054 };
1055
1056 static void insert_longterm_keys_into_key_map_cb(gpointer __key _U_,
1057 gpointer value,
1058 gpointer user_data)
1059 {
1060 struct insert_longterm_keys_into_key_map_state *state =
1061 (struct insert_longterm_keys_into_key_map_state *)user_data;
1062 enc_key_t *key = (enc_key_t *)value;
1063
1064 kerberos_key_map_insert(state->key_map, key);
1065 }
1066
1067 static void insert_longterm_keys_into_key_map(wmem_map_t *key_map)
1068 {
1069 /*
1070 * Because the kerberos_longterm_keys are allocated on
1071 * wmem_epan_scope() and kerberos_all_keys are allocated
1072 * on wmem_file_scope(), we need to plug the longterm keys
1073 * back to kerberos_all_keys if a new file was loaded
1074 * and wmem_file_scope() got cleared.
1075 */
1076 if (wmem_map_size(key_map) < wmem_map_size(kerberos_longterm_keys)) {
1077 struct insert_longterm_keys_into_key_map_state state = {
1078 .key_map = key_map,
1079 };
1080 /*
1081 * Reference all longterm keys into kerberos_all_keys
1082 */
1083 wmem_map_foreach(kerberos_longterm_keys,
1084 insert_longterm_keys_into_key_map_cb,
1085 &state);
1086 }
1087 }
1088
1089 static void
1090 kerberos_key_list_append(wmem_list_t *key_list, enc_key_t *new_key)
1091 {
1092 enc_key_t *existing = NULL;
1093
1094 existing = (enc_key_t *)wmem_list_find(key_list, new_key);
1095 if (existing != NULL) {
1096 return;
1097 }
1098
1099 wmem_list_append(key_list, new_key);
1100 }
1101
1102 static void
1103 add_encryption_key(packet_info *pinfo,
1104 kerberos_private_data_t *private_data,
1105 proto_tree *key_tree,
1106 proto_item *key_hidden_item,
1107 tvbuff_t *key_tvb,
1108 int keytype, int keylength, const char *keyvalue,
1109 const char *origin,
1110 enc_key_t *src1, enc_key_t *src2)
1111 {
1112 wmem_allocator_t *key_scope = NULL;
1113 enc_key_t *new_key = NULL;
1114 const char *methodl = "learnt";
1115 const char *methodu = "Learnt";
1116 proto_item *item = NULL;
1117
1118 private_data->last_added_key = NULL;
1119
1120 if (src1 != NULL && src2 != NULL) {
1121 methodl = "derived";
1122 methodu = "Derived";
1123 }
1124
1125 if(pinfo->fd->visited){
1126 /*
1127 * We already processed this,
1128 * we can use a shortterm scope
1129 */
1130 key_scope = pinfo->pool;
1131 } else {
1132 /*
1133 * As long as we have enc_key_list, we need to
1134 * use wmem_epan_scope(), when that's gone
1135 * we can dynamically select the scope based on
1136 * how long we'll need the particular key.
1137 */
1138 key_scope = wmem_epan_scope();
1139 }
1140
1141 new_key = wmem_new0(key_scope, enc_key_t);
1142 g_snprintf(new_key->key_origin, KRB_MAX_ORIG_LEN, "%s %s in frame %u",
1143 methodl, origin, pinfo->num);
1144 new_key->fd_num = pinfo->num;
1145 new_key->id = ++private_data->learnt_key_ids;
1146 g_snprintf(new_key->id_str, KRB_MAX_ID_STR_LEN, "%d.%u",
1147 new_key->fd_num, new_key->id);
1148 new_key->keytype=keytype;
1149 new_key->keylength=keylength;
1150 memcpy(new_key->keyvalue, keyvalue, MIN(keylength, KRB_MAX_KEY_LENGTH));
1151 new_key->src1 = src1;
1152 new_key->src2 = src2;
1153
1154 if(!pinfo->fd->visited){
1155 /*
1156 * Only keep it if we don't processed it before.
1157 */
1158 new_key->next=enc_key_list;
1159 enc_key_list=new_key;
1160 insert_longterm_keys_into_key_map(kerberos_all_keys);
1161 kerberos_key_map_insert(kerberos_all_keys, new_key);
1162 }
1163
1164 item = proto_tree_add_expert_format(key_tree, pinfo, &ei_kerberos_learnt_keytype,
1165 key_tvb, 0, keylength,
1166 "%s %s keytype %d (id=%d.%u) (%02x%02x%02x%02x...)",
1167 methodu, origin, keytype, pinfo->num, new_key->id,
1168 keyvalue[0] & 0xFF, keyvalue[1] & 0xFF,
1169 keyvalue[2] & 0xFF, keyvalue[3] & 0xFF);
1170 if (item != NULL && key_hidden_item != NULL) {
1171 proto_tree_move_item(key_tree, key_hidden_item, item);
1172 }
1173 if (src1 != NULL) {
1174 enc_key_t *sek = src1;
1175 expert_add_info_format(pinfo, item, &ei_kerberos_learnt_keytype,
1176 "SRC1 %s keytype %d (id=%s same=%u) (%02x%02x%02x%02x...)",
1177 sek->key_origin, sek->keytype,
1178 sek->id_str, sek->num_same,
1179 sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF,
1180 sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF);
1181 }
1182 if (src2 != NULL) {
1183 enc_key_t *sek = src2;
1184 expert_add_info_format(pinfo, item, &ei_kerberos_learnt_keytype,
1185 "SRC2 %s keytype %d (id=%s same=%u) (%02x%02x%02x%02x...)",
1186 sek->key_origin, sek->keytype,
1187 sek->id_str, sek->num_same,
1188 sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF,
1189 sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF);
1190 }
1191
1192 kerberos_key_list_append(private_data->learnt_keys, new_key);
1193 private_data->last_added_key = new_key;
1194 }
1195
1196 static void
1197 save_encryption_key(tvbuff_t *tvb _U_, int offset _U_, int length _U_,
1198 asn1_ctx_t *actx _U_, proto_tree *tree _U_,
1199 int parent_hf_index _U_,
1200 int hf_index _U_)
1201 {
1202 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
1203 const char *parent = proto_registrar_get_name(parent_hf_index);
1204 const char *element = proto_registrar_get_name(hf_index);
1205 char origin[KRB_MAX_ORIG_LEN] = { 0, };
1206
1207 g_snprintf(origin, KRB_MAX_ORIG_LEN, "%s_%s", parent, element);
1208
1209 add_encryption_key(actx->pinfo,
1210 private_data,
1211 private_data->key_tree,
1212 private_data->key_hidden_item,
1213 private_data->key_tvb,
1214 private_data->key.keytype,
1215 private_data->key.keylength,
1216 private_data->key.keyvalue,
1217 origin,
1218 NULL,
1219 NULL);
1220 }
1221
1222 static void
1223 save_Authenticator_subkey(tvbuff_t *tvb, int offset, int length,
1224 asn1_ctx_t *actx, proto_tree *tree,
1225 int parent_hf_index,
1226 int hf_index)
1227 {
1228 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
1229
1230 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index);
1231
1232 if (private_data->last_decryption_key == NULL) {
1233 return;
1234 }
1235 if (private_data->last_added_key == NULL) {
1236 return;
1237 }
1238
1239 if (private_data->within_PA_TGS_REQ != 0) {
1240 private_data->PA_TGS_REQ_key = private_data->last_decryption_key;
1241 private_data->PA_TGS_REQ_subkey = private_data->last_added_key;
1242 }
1243 if (private_data->fast_armor_within_armor_value != 0) {
1244 private_data->PA_FAST_ARMOR_AP_key = private_data->last_decryption_key;
1245 private_data->PA_FAST_ARMOR_AP_subkey = private_data->last_added_key;
1246 }
1247 }
1248
1249 static void
1250 save_EncAPRepPart_subkey(tvbuff_t *tvb, int offset, int length,
1251 asn1_ctx_t *actx, proto_tree *tree,
1252 int parent_hf_index,
1253 int hf_index)
1254 {
1255 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
1256
1257 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index);
1258
1259 if (actx->pinfo->fd->visited) {
1260 return;
1261 }
1262
1263 if (private_data->last_added_key == NULL) {
1264 return;
1265 }
1266
1267 kerberos_key_map_insert(kerberos_app_session_keys, private_data->last_added_key);
1268 }
1269
1270 static void
1271 save_EncKDCRepPart_key(tvbuff_t *tvb, int offset, int length,
1272 asn1_ctx_t *actx, proto_tree *tree,
1273 int parent_hf_index,
1274 int hf_index)
1275 {
1276 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index);
1277 }
1278
1279 static void
1280 save_EncTicketPart_key(tvbuff_t *tvb, int offset, int length,
1281 asn1_ctx_t *actx, proto_tree *tree,
1282 int parent_hf_index,
1283 int hf_index)
1284 {
1285 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index);
1286 }
1287
1288 static void
1289 save_KrbCredInfo_key(tvbuff_t *tvb, int offset, int length,
1290 asn1_ctx_t *actx, proto_tree *tree,
1291 int parent_hf_index,
1292 int hf_index)
1293 {
1294 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index);
1295 }
1296
1297 static void
1298 save_KrbFastResponse_strengthen_key(tvbuff_t *tvb, int offset, int length,
1299 asn1_ctx_t *actx, proto_tree *tree,
1300 int parent_hf_index,
1301 int hf_index)
1302 {
1303 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
1304
1305 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index);
1306
1307 private_data->fast_strengthen_key = private_data->last_added_key;
1308 }
1309
1310 static void used_encryption_key(proto_tree *tree, packet_info *pinfo,
1311 kerberos_private_data_t *private_data,
1312 enc_key_t *ek, int usage, tvbuff_t *cryptotvb,
1313 const char *keymap_name,
1314 guint keymap_size,
1315 guint decryption_count)
1316 {
1317 proto_item *item = NULL;
1318 enc_key_t *sek = NULL;
1319
1320 item = proto_tree_add_expert_format(tree, pinfo, &ei_kerberos_decrypted_keytype,
1321 cryptotvb, 0, 0,
1322 "Decrypted keytype %d usage %d "
1323 "using %s (id=%s same=%u) (%02x%02x%02x%02x...)",
1324 ek->keytype, usage, ek->key_origin, ek->id_str, ek->num_same,
1325 ek->keyvalue[0] & 0xFF, ek->keyvalue[1] & 0xFF,
1326 ek->keyvalue[2] & 0xFF, ek->keyvalue[3] & 0xFF);
1327 expert_add_info_format(pinfo, item, &ei_kerberos_decrypted_keytype,
1328 "Used keymap=%s num_keys=%u num_tries=%u)",
1329 keymap_name,
1330 keymap_size,
1331 decryption_count);
1332 if (ek->src1 != NULL) {
1333 sek = ek->src1;
1334 expert_add_info_format(pinfo, item, &ei_kerberos_decrypted_keytype,
1335 "SRC1 %s keytype %d (id=%s same=%u) (%02x%02x%02x%02x...)",
1336 sek->key_origin, sek->keytype,
1337 sek->id_str, sek->num_same,
1338 sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF,
1339 sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF);
1340 }
1341 if (ek->src2 != NULL) {
1342 sek = ek->src2;
1343 expert_add_info_format(pinfo, item, &ei_kerberos_decrypted_keytype,
1344 "SRC2 %s keytype %d (id=%s same=%u) (%02x%02x%02x%02x...)",
1345 sek->key_origin, sek->keytype,
1346 sek->id_str, sek->num_same,
1347 sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF,
1348 sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF);
1349 }
1350 sek = ek->same_list;
1351 while (sek != NULL) {
1352 expert_add_info_format(pinfo, item, &ei_kerberos_decrypted_keytype,
1353 "Decrypted keytype %d usage %d "
1354 "using %s (id=%s same=%u) (%02x%02x%02x%02x...)",
1355 sek->keytype, usage, sek->key_origin, sek->id_str, sek->num_same,
1356 sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF,
1357 sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF);
1358 sek = sek->same_list;
1359 }
1360 kerberos_key_list_append(private_data->decryption_keys, ek);
1361 private_data->last_decryption_key = ek;
1362 }
1363 #endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */
1364
1365 #ifdef HAVE_MIT_KERBEROS
1366
1367 static void missing_encryption_key(proto_tree *tree, packet_info *pinfo,
1368 kerberos_private_data_t *private_data,
1369 int keytype, int usage, tvbuff_t *cryptotvb,
1370 const char *keymap_name,
1371 guint keymap_size,
1372 guint decryption_count)
1373 {
1374 proto_item *item = NULL;
1375 enc_key_t *mek = NULL;
1376
1377 mek = wmem_new0(pinfo->pool, enc_key_t);
1378 g_snprintf(mek->key_origin, KRB_MAX_ORIG_LEN,
1379 "keytype %d usage %d missing in frame %u",
1380 keytype, usage, pinfo->num);
1381 mek->fd_num = pinfo->num;
1382 mek->id = ++private_data->missing_key_ids;
1383 g_snprintf(mek->id_str, KRB_MAX_ID_STR_LEN, "missing.%u",
1384 mek->id);
1385 mek->keytype=keytype;
1386
1387 item = proto_tree_add_expert_format(tree, pinfo, &ei_kerberos_missing_keytype,
1388 cryptotvb, 0, 0,
1389 "Missing keytype %d usage %d (id=%s)",
1390 keytype, usage, mek->id_str);
1391 expert_add_info_format(pinfo, item, &ei_kerberos_missing_keytype,
1392 "Used keymap=%s num_keys=%u num_tries=%u)",
1393 keymap_name,
1394 keymap_size,
1395 decryption_count);
1396
1397 kerberos_key_list_append(private_data->missing_keys, mek);
1398 }
1399
1400 #ifdef HAVE_KRB5_PAC_VERIFY
1401 static void used_signing_key(proto_tree *tree, packet_info *pinfo,
1402 kerberos_private_data_t *private_data,
1403 enc_key_t *ek, tvbuff_t *tvb,
1404 krb5_cksumtype checksum,
1405 const char *reason,
1406 const char *keymap_name,
1407 guint keymap_size,
1408 guint verify_count)
1409 {
1410 proto_item *item = NULL;
1411 enc_key_t *sek = NULL;
1412
1413 item = proto_tree_add_expert_format(tree, pinfo, &ei_kerberos_decrypted_keytype,
1414 tvb, 0, 0,
1415 "%s checksum %d keytype %d "
1416 "using %s (id=%s same=%u) (%02x%02x%02x%02x...)",
1417 reason, checksum, ek->keytype, ek->key_origin,
1418 ek->id_str, ek->num_same,
1419 ek->keyvalue[0] & 0xFF, ek->keyvalue[1] & 0xFF,
1420 ek->keyvalue[2] & 0xFF, ek->keyvalue[3] & 0xFF);
1421 expert_add_info_format(pinfo, item, &ei_kerberos_decrypted_keytype,
1422 "Used keymap=%s num_keys=%u num_tries=%u)",
1423 keymap_name,
1424 keymap_size,
1425 verify_count);
1426 sek = ek->same_list;
1427 while (sek != NULL) {
1428 expert_add_info_format(pinfo, item, &ei_kerberos_decrypted_keytype,
1429 "%s checksum %d keytype %d "
1430 "using %s (id=%s same=%u) (%02x%02x%02x%02x...)",
1431 reason, checksum, sek->keytype, sek->key_origin,
1432 sek->id_str, sek->num_same,
1433 sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF,
1434 sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF);
1435 sek = sek->same_list;
1436 }
1437 kerberos_key_list_append(private_data->decryption_keys, ek);
1438 }
1439
1440 static void missing_signing_key(proto_tree *tree, packet_info *pinfo,
1441 kerberos_private_data_t *private_data,
1442 tvbuff_t *tvb,
1443 krb5_cksumtype checksum,
1444 int keytype,
1445 const char *reason,
1446 const char *keymap_name,
1447 guint keymap_size,
1448 guint verify_count)
1449 {
1450 proto_item *item = NULL;
1451 enc_key_t *mek = NULL;
1452
1453 mek = wmem_new0(pinfo->pool, enc_key_t);
1454 g_snprintf(mek->key_origin, KRB_MAX_ORIG_LEN,
1455 "checksum %d keytype %d missing in frame %u",
1456 checksum, keytype, pinfo->num);
1457 mek->fd_num = pinfo->num;
1458 mek->id = ++private_data->missing_key_ids;
1459 g_snprintf(mek->id_str, KRB_MAX_ID_STR_LEN, "missing.%u",
1460 mek->id);
1461 mek->keytype=keytype;
1462
1463 item = proto_tree_add_expert_format(tree, pinfo, &ei_kerberos_missing_keytype,
1464 tvb, 0, 0,
1465 "%s checksum %d keytype %d (id=%s)",
1466 reason, checksum, keytype, mek->id_str);
1467 expert_add_info_format(pinfo, item, &ei_kerberos_missing_keytype,
1468 "Used keymap=%s num_keys=%u num_tries=%u)",
1469 keymap_name,
1470 keymap_size,
1471 verify_count);
1472
1473 kerberos_key_list_append(private_data->missing_keys, mek);
1474 }
1475
1476 #endif /* HAVE_KRB5_PAC_VERIFY */
1477
1478 static krb5_context krb5_ctx;
1479
1480 #ifdef HAVE_KRB5_C_FX_CF2_SIMPLE
1481 static void
1482 krb5_fast_key(asn1_ctx_t *actx, proto_tree *tree, tvbuff_t *tvb,
1483 enc_key_t *ek1 _U_, const char *p1 _U_,
1484 enc_key_t *ek2 _U_, const char *p2 _U_,
1485 const char *origin _U_)
1486 {
1487 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
1488 krb5_error_code ret;
1489 krb5_keyblock k1;
1490 krb5_keyblock k2;
1491 krb5_keyblock *k = NULL;
1492
1493 if (!krb_decrypt) {
1494 return;
1495 }
1496
1497 if (ek1 == NULL) {
1498 return;
1499 }
1500
1501 if (ek2 == NULL) {
1502 return;
1503 }
1504
1505 k1.magic = KV5M_KEYBLOCK;
1506 k1.enctype = ek1->keytype;
1507 k1.length = ek1->keylength;
1508 k1.contents = (guint8 *)ek1->keyvalue;
1509
1510 k2.magic = KV5M_KEYBLOCK;
1511 k2.enctype = ek2->keytype;
1512 k2.length = ek2->keylength;
1513 k2.contents = (guint8 *)ek2->keyvalue;
1514
1515 ret = krb5_c_fx_cf2_simple(krb5_ctx, &k1, p1, &k2, p2, &k);
1516 if (ret != 0) {
1517 return;
1518 }
1519
1520 add_encryption_key(actx->pinfo,
1521 private_data,
1522 tree, NULL, tvb,
1523 k->enctype, k->length,
1524 (const char *)k->contents,
1525 origin,
1526 ek1, ek2);
1527
1528 krb5_free_keyblock(krb5_ctx, k);
1529 }
1530 #else /* HAVE_KRB5_C_FX_CF2_SIMPLE */
1531 static void
1532 krb5_fast_key(asn1_ctx_t *actx _U_, proto_tree *tree _U_, tvbuff_t *tvb _U_,
1533 enc_key_t *ek1 _U_, const char *p1 _U_,
1534 enc_key_t *ek2 _U_, const char *p2 _U_,
1535 const char *origin _U_)
1536 {
1537 }
1538 #endif /* HAVE_KRB5_C_FX_CF2_SIMPLE */
1539
1540 USES_APPLE_DEPRECATED_API
1541 void
1542 read_keytab_file(const char *filename)
1543 {
1544 krb5_keytab keytab;
1545 krb5_error_code ret;
1546 krb5_keytab_entry key;
1547 krb5_kt_cursor cursor;
1548 static gboolean first_time=TRUE;
1549
1550 if (filename == NULL || filename[0] == 0) {
1551 return;
1552 }
1553
1554 if(first_time){
1555 first_time=FALSE;
1556 ret = krb5_init_context(&krb5_ctx);
1557 if(ret && ret != KRB5_CONFIG_CANTOPEN){
1558 return;
1559 }
1560 }
1561
1562 /* should use a file in the wireshark users dir */
1563 ret = krb5_kt_resolve(krb5_ctx, filename, &keytab);
1564 if(ret){
1565 fprintf(stderr, "KERBEROS ERROR: Badly formatted keytab filename :%s\n",filename);
1566
1567 return;
1568 }
1569
1570 ret = krb5_kt_start_seq_get(krb5_ctx, keytab, &cursor);
1571 if(ret){
1572 fprintf(stderr, "KERBEROS ERROR: Could not open or could not read from keytab file :%s\n",filename);
1573 return;
1574 }
1575
1576 do{
1577 ret = krb5_kt_next_entry(krb5_ctx, keytab, &key, &cursor);
1578 if(ret==0){
1579 enc_key_t *new_key;
1580 int i;
1581 char *pos;
1582
1583 new_key = wmem_new0(wmem_epan_scope(), enc_key_t);
1584 new_key->fd_num = -1;
1585 new_key->id = ++kerberos_longterm_ids;
1586 g_snprintf(new_key->id_str, KRB_MAX_ID_STR_LEN, "keytab.%u", new_key->id);
1587 new_key->next = enc_key_list;
1588
1589 /* generate origin string, describing where this key came from */
1590 pos=new_key->key_origin;
1591 pos+=MIN(KRB_MAX_ORIG_LEN,
1592 g_snprintf(pos, KRB_MAX_ORIG_LEN, "keytab principal "));
1593 for(i=0;i<key.principal->length;i++){
1594 pos+=MIN(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin),
1595 g_snprintf(pos, (gulong)(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin)), "%s%s",(i?"/":""),(key.principal->data[i]).data));
1596 }
1597 pos+=MIN(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin),
1598 g_snprintf(pos, (gulong)(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin)), "@%s",key.principal->realm.data));
1599 *pos=0;
1600 new_key->keytype=key.key.enctype;
1601 new_key->keylength=key.key.length;
1602 memcpy(new_key->keyvalue,
1603 key.key.contents,
1604 MIN(key.key.length, KRB_MAX_KEY_LENGTH));
1605
1606 enc_key_list=new_key;
1607 ret = krb5_free_keytab_entry_contents(krb5_ctx, &key);
1608 if (ret) {
1609 fprintf(stderr, "KERBEROS ERROR: Could not release the entry: %d", ret);
1610 ret = 0; /* try to continue with the next entry */
1611 }
1612 kerberos_key_map_insert(kerberos_longterm_keys, new_key);
1613 }
1614 }while(ret==0);
1615
1616 ret = krb5_kt_end_seq_get(krb5_ctx, keytab, &cursor);
1617 if(ret){
1618 fprintf(stderr, "KERBEROS ERROR: Could not release the keytab cursor: %d", ret);
1619 }
1620 ret = krb5_kt_close(krb5_ctx, keytab);
1621 if(ret){
1622 fprintf(stderr, "KERBEROS ERROR: Could not close the key table handle: %d", ret);
1623 }
1624 }
1625
1626 struct decrypt_krb5_with_cb_state {
1627 proto_tree *tree;
1628 packet_info *pinfo;
1629 kerberos_private_data_t *private_data;
1630 int usage;
1631 int keytype;
1632 tvbuff_t *cryptotvb;
1633 krb5_error_code (*decrypt_cb_fn)(
1634 const krb5_keyblock *key,
1635 int usage,
1636 void *decrypt_cb_data);
1637 void *decrypt_cb_data;
1638 guint count;
1639 enc_key_t *ek;
1640 };
1641
1642 static void
1643 decrypt_krb5_with_cb_try_key(gpointer __key _U_, gpointer value, gpointer userdata)
1644 {
1645 struct decrypt_krb5_with_cb_state *state =
1646 (struct decrypt_krb5_with_cb_state *)userdata;
1647 enc_key_t *ek = (enc_key_t *)value;
1648 krb5_error_code ret;
1649 krb5_keytab_entry key;
1650 #ifdef HAVE_KRB5_C_FX_CF2_SIMPLE
1651 enc_key_t *ak = state->private_data->fast_armor_key;
1652 enc_key_t *sk = state->private_data->fast_strengthen_key;
1653 gboolean try_with_armor_key = FALSE;
1654 gboolean try_with_strengthen_key = FALSE;
1655 #endif
1656
1657 if (state->ek != NULL) {
1658 /*
1659 * we're done.
1660 */
1661 return;
1662 }
1663
1664 #ifdef HAVE_KRB5_C_FX_CF2_SIMPLE
1665 if (ak != NULL && ak != ek && ak->keytype == state->keytype && ek->fd_num == -1) {
1666 switch (state->usage) {
1667 case KEY_USAGE_ENC_CHALLENGE_CLIENT:
1668 case KEY_USAGE_ENC_CHALLENGE_KDC:
1669 if (ek->fd_num == -1) {
1670 /* Challenges are based on a long term key */
1671 try_with_armor_key = TRUE;
1672 }
1673 break;
1674 }
1675
1676 /*
1677 * If we already have a strengthen_key
1678 * we don't need to try with the armor key
1679 * again
1680 */
1681 if (sk != NULL) {
1682 try_with_armor_key = FALSE;
1683 }
1684 }
1685
1686 if (sk != NULL && sk != ek && sk->keytype == state->keytype && sk->keytype == ek->keytype) {
1687 switch (state->usage) {
1688 case 3:
1689 if (ek->fd_num == -1) {
1690 /* AS-REP is based on a long term key */
1691 try_with_strengthen_key = TRUE;
1692 }
1693 break;
1694 case 8:
1695 case 9:
1696 if (ek->fd_num != -1) {
1697 /* TGS-REP is not based on a long term key */
1698 try_with_strengthen_key = TRUE;
1699 }
1700 break;
1701 }
1702 }
1703
1704 if (try_with_armor_key) {
1705 krb5_keyblock k1;
1706 krb5_keyblock k2;
1707 krb5_keyblock *k = NULL;
1708 const char *p1 = NULL;
1709
1710 k1.magic = KV5M_KEYBLOCK;
1711 k1.enctype = ak->keytype;
1712 k1.length = ak->keylength;
1713 k1.contents = (guint8 *)ak->keyvalue;
1714
1715 k2.magic = KV5M_KEYBLOCK;
1716 k2.enctype = ek->keytype;
1717 k2.length = ek->keylength;
1718 k2.contents = (guint8 *)ek->keyvalue;
1719
1720 switch (state->usage) {
1721 case KEY_USAGE_ENC_CHALLENGE_CLIENT:
1722 p1 = "clientchallengearmor";
1723 break;
1724 case KEY_USAGE_ENC_CHALLENGE_KDC:
1725 p1 = "kdcchallengearmor";
1726 break;
1727 default:
1728 /*
1729 * Should never be called!
1730 */
1731 /*
1732 * try the next one...
1733 */
1734 return;
1735 }
1736
1737 ret = krb5_c_fx_cf2_simple(krb5_ctx,
1738 &k1, p1,
1739 &k2, "challengelongterm",
1740 &k);
1741 if (ret != 0) {
1742 /*
1743 * try the next one...
1744 */
1745 return;
1746 }
1747
1748 state->count += 1;
1749 ret = state->decrypt_cb_fn(k,
1750 state->usage,
1751 state->decrypt_cb_data);
1752 if (ret == 0) {
1753 add_encryption_key(state->pinfo,
1754 state->private_data,
1755 state->tree,
1756 NULL,
1757 state->cryptotvb,
1758 k->enctype, k->length,
1759 (const char *)k->contents,
1760 p1,
1761 ak, ek);
1762 krb5_free_keyblock(krb5_ctx, k);
1763 /*
1764 * remember the key and stop traversing
1765 */
1766 state->ek = state->private_data->last_added_key;
1767 return;
1768 }
1769 krb5_free_keyblock(krb5_ctx, k);
1770 /*
1771 * don't stop traversing...
1772 * try the next one...
1773 */
1774 return;
1775 }
1776
1777 if (try_with_strengthen_key) {
1778 krb5_keyblock k1;
1779 krb5_keyblock k2;
1780 krb5_keyblock *k = NULL;
1781
1782 k1.magic = KV5M_KEYBLOCK;
1783 k1.enctype = sk->keytype;
1784 k1.length = sk->keylength;
1785 k1.contents = (guint8 *)sk->keyvalue;
1786
1787 k2.magic = KV5M_KEYBLOCK;
1788 k2.enctype = ek->keytype;
1789 k2.length = ek->keylength;
1790 k2.contents = (guint8 *)ek->keyvalue;
1791
1792 ret = krb5_c_fx_cf2_simple(krb5_ctx,
1793 &k1, "strengthenkey",
1794 &k2, "replykey",
1795 &k);
1796 if (ret != 0) {
1797 /*
1798 * try the next one...
1799 */
1800 return;
1801 }
1802
1803 state->count += 1;
1804 ret = state->decrypt_cb_fn(k,
1805 state->usage,
1806 state->decrypt_cb_data);
1807 if (ret == 0) {
1808 add_encryption_key(state->pinfo,
1809 state->private_data,
1810 state->tree,
1811 NULL,
1812 state->cryptotvb,
1813 k->enctype, k->length,
1814 (const char *)k->contents,
1815 "strengthen-reply-key",
1816 sk, ek);
1817 krb5_free_keyblock(krb5_ctx, k);
1818 /*
1819 * remember the key and stop traversing
1820 */
1821 state->ek = state->private_data->last_added_key;
1822 return;
1823 }
1824 krb5_free_keyblock(krb5_ctx, k);
1825 /*
1826 * don't stop traversing...
1827 * try the next one...
1828 */
1829 return;
1830 }
1831 #endif /* HAVE_KRB5_C_FX_CF2_SIMPLE */
1832
1833 /* shortcircuit and bail out if enctypes are not matching */
1834 if ((state->keytype != -1) && (ek->keytype != state->keytype)) {
1835 /*
1836 * don't stop traversing...
1837 * try the next one...
1838 */
1839 return;
1840 }
1841
1842 key.key.enctype=ek->keytype;
1843 key.key.length=ek->keylength;
1844 key.key.contents=ek->keyvalue;
1845 state->count += 1;
1846 ret = state->decrypt_cb_fn(&(key.key),
1847 state->usage,
1848 state->decrypt_cb_data);
1849 if (ret != 0) {
1850 /*
1851 * don't stop traversing...
1852 * try the next one...
1853 */
1854 return;
1855 }
1856
1857 /*
1858 * we're done, remember the key
1859 */
1860 state->ek = ek;
1861 }
1862
1863 static krb5_error_code
1864 decrypt_krb5_with_cb(proto_tree *tree,
1865 packet_info *pinfo,
1866 kerberos_private_data_t *private_data,
1867 int usage,
1868 int keytype,
1869 tvbuff_t *cryptotvb,
1870 krb5_error_code (*decrypt_cb_fn)(
1871 const krb5_keyblock *key,
1872 int usage,
1873 void *decrypt_cb_data),
1874 void *decrypt_cb_data)
1875 {
1876 const char *key_map_name = NULL;
1877 wmem_map_t *key_map = NULL;
1878 struct decrypt_krb5_with_cb_state state = {
1879 .tree = tree,
1880 .pinfo = pinfo,
1881 .private_data = private_data,
1882 .usage = usage,
1883 .cryptotvb = cryptotvb,
1884 .keytype = keytype,
1885 .decrypt_cb_fn = decrypt_cb_fn,
1886 .decrypt_cb_data = decrypt_cb_data,
1887 };
1888
1889 read_keytab_file_from_preferences();
1890
1891 switch (usage) {
1892 case KRB5_KU_USAGE_INITIATOR_SEAL:
1893 case KRB5_KU_USAGE_ACCEPTOR_SEAL:
1894 key_map_name = "app_session_keys";
1895 key_map = kerberos_app_session_keys;
1896 break;
1897 default:
1898 key_map_name = "all_keys";
1899 key_map = kerberos_all_keys;
1900 insert_longterm_keys_into_key_map(key_map);
1901 break;
1902 }
1903
1904 wmem_map_foreach(key_map, decrypt_krb5_with_cb_try_key, &state);
1905 if (state.ek != NULL) {
1906 used_encryption_key(tree, pinfo, private_data,
1907 state.ek, usage, cryptotvb,
1908 key_map_name,
1909 wmem_map_size(key_map),
1910 state.count);
1911 return 0;
1912 }
1913
1914 missing_encryption_key(tree, pinfo, private_data,
1915 keytype, usage, cryptotvb,
1916 key_map_name,
1917 wmem_map_size(key_map),
1918 state.count);
1919 return -1;
1920 }
1921
1922 struct decrypt_krb5_data_state {
1923 krb5_data input;
1924 krb5_data output;
1925 };
1926
1927 static krb5_error_code
1928 decrypt_krb5_data_cb(const krb5_keyblock *key,
1929 int usage,
1930 void *decrypt_cb_data)
1931 {
1932 struct decrypt_krb5_data_state *state =
1933 (struct decrypt_krb5_data_state *)decrypt_cb_data;
1934 krb5_enc_data input;
1935
1936 memset(&input, 0, sizeof(input));
1937 input.enctype = key->enctype;
1938 input.ciphertext = state->input;
1939
1940 return krb5_c_decrypt(krb5_ctx,
1941 key,
1942 usage,
1943 0,
1944 &input,
1945 &state->output);
1946 }
1947
1948 static guint8 *
1949 decrypt_krb5_data_private(proto_tree *tree _U_, packet_info *pinfo,
1950 kerberos_private_data_t *private_data,
1951 int usage, tvbuff_t *cryptotvb, int keytype,
1952 int *datalen)
1953 {
1954 #define HAVE_DECRYPT_KRB5_DATA_PRIVATE 1
1955 struct decrypt_krb5_data_state state;
1956 krb5_error_code ret;
1957 int length = tvb_captured_length(cryptotvb);
1958 const guint8 *cryptotext = tvb_get_ptr(cryptotvb, 0, length);
1959
1960 /* don't do anything if we are not attempting to decrypt data */
1961 if(!krb_decrypt || length < 1){
1962 return NULL;
1963 }
1964
1965 /* make sure we have all the data we need */
1966 if (tvb_captured_length(cryptotvb) < tvb_reported_length(cryptotvb)) {
1967 return NULL;
1968 }
1969
1970 memset(&state, 0, sizeof(state));
1971 state.input.length = length;
1972 state.input.data = (guint8 *)cryptotext;
1973 state.output.data = (char *)wmem_alloc(pinfo->pool, length);
1974 state.output.length = length;
1975
1976 ret = decrypt_krb5_with_cb(tree,
1977 pinfo,
1978 private_data,
1979 usage,
1980 keytype,
1981 cryptotvb,
1982 decrypt_krb5_data_cb,
1983 &state);
1984 if (ret != 0) {
1985 return NULL;
1986 }
1987
1988 if (datalen) {
1989 *datalen = state.output.length;
1990 }
1991 return (guint8 *)state.output.data;
1992 }
1993
1994 guint8 *
1995 decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo,
1996 int usage,
1997 tvbuff_t *cryptotvb,
1998 int keytype,
1999 int *datalen)
2000 {
2001 kerberos_private_data_t *zero_private = kerberos_new_private_data(pinfo);
2002 return decrypt_krb5_data_private(tree, pinfo, zero_private,
2003 usage, cryptotvb, keytype,
2004 datalen);
2005 }
2006
2007 USES_APPLE_RST
2008
2009 #ifdef KRB5_CRYPTO_TYPE_SIGN_ONLY
2010 struct decrypt_krb5_krb_cfx_dce_state {
2011 const guint8 *gssapi_header_ptr;
2012 guint gssapi_header_len;
2013 tvbuff_t *gssapi_encrypted_tvb;
2014 guint8 *gssapi_payload;
2015 guint gssapi_payload_len;
2016 const guint8 *gssapi_trailer_ptr;
2017 guint gssapi_trailer_len;
2018 tvbuff_t *checksum_tvb;
2019 guint8 *checksum;
2020 guint checksum_len;
2021 };
2022
2023 static krb5_error_code
2024 decrypt_krb5_krb_cfx_dce_cb(const krb5_keyblock *key,
2025 int usage,
2026 void *decrypt_cb_data)
2027 {
2028 struct decrypt_krb5_krb_cfx_dce_state *state =
2029 (struct decrypt_krb5_krb_cfx_dce_state *)decrypt_cb_data;
2030 unsigned int k5_headerlen = 0;
2031 unsigned int k5_headerofs = 0;
2032 unsigned int k5_trailerlen = 0;
2033 unsigned int k5_trailerofs = 0;
2034 size_t _k5_blocksize = 0;
2035 guint k5_blocksize;
2036 krb5_crypto_iov iov[6];
2037 krb5_error_code ret;
2038 guint checksum_remain = state->checksum_len;
2039 guint checksum_crypt_len;
2040
2041 memset(iov, 0, sizeof(iov));
2042
2043 ret = krb5_c_crypto_length(krb5_ctx,
2044 key->enctype,
2045 KRB5_CRYPTO_TYPE_HEADER,
2046 &k5_headerlen);
2047 if (ret != 0) {
2048 return ret;
2049 }
2050 if (checksum_remain < k5_headerlen) {
2051 return -1;
2052 }
2053 checksum_remain -= k5_headerlen;
2054 k5_headerofs = checksum_remain;
2055 ret = krb5_c_crypto_length(krb5_ctx,
2056 key->enctype,
2057 KRB5_CRYPTO_TYPE_TRAILER,
2058 &k5_trailerlen);
2059 if (ret != 0) {
2060 return ret;
2061 }
2062 if (checksum_remain < k5_trailerlen) {
2063 return -1;
2064 }
2065 checksum_remain -= k5_trailerlen;
2066 k5_trailerofs = checksum_remain;
2067 checksum_crypt_len = checksum_remain;
2068
2069 ret = krb5_c_block_size(krb5_ctx,
2070 key->enctype,
2071 &_k5_blocksize);
2072 if (ret != 0) {
2073 return ret;
2074 }
2075 /*
2076 * The cast is required for the Windows build in order
2077 * to avoid the following warning.
2078 *
2079 * warning C4267: '-=': conversion from 'size_t' to 'guint',
2080 * possible loss of data
2081 */
2082 k5_blocksize = (guint)_k5_blocksize;
2083 if (checksum_remain < k5_blocksize) {
2084 return -1;
2085 }
2086 checksum_remain -= k5_blocksize;
2087 if (checksum_remain < 16) {
2088 return -1;
2089 }
2090
2091 tvb_memcpy(state->gssapi_encrypted_tvb,
2092 state->gssapi_payload,
2093 0,
2094 state->gssapi_payload_len);
2095 tvb_memcpy(state->checksum_tvb,
2096 state->checksum,
2097 0,
2098 state->checksum_len);
2099
2100 iov[0].flags = KRB5_CRYPTO_TYPE_HEADER;
2101 iov[0].data.data = state->checksum + k5_headerofs;
2102 iov[0].data.length = k5_headerlen;
2103
2104 if (state->gssapi_header_ptr != NULL) {
2105 iov[1].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY;
2106 iov[1].data.data = (guint8 *)(guintptr)state->gssapi_header_ptr;
2107 iov[1].data.length = state->gssapi_header_len;
2108 } else {
2109 iov[1].flags = KRB5_CRYPTO_TYPE_EMPTY;
2110 }
2111
2112 iov[2].flags = KRB5_CRYPTO_TYPE_DATA;
2113 iov[2].data.data = state->gssapi_payload;
2114 iov[2].data.length = state->gssapi_payload_len;
2115
2116 if (state->gssapi_trailer_ptr != NULL) {
2117 iov[3].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY;
2118 iov[3].data.data = (guint8 *)(guintptr)state->gssapi_trailer_ptr;
2119 iov[3].data.length = state->gssapi_trailer_len;
2120 } else {
2121 iov[3].flags = KRB5_CRYPTO_TYPE_EMPTY;
2122 }
2123
2124 iov[4].flags = KRB5_CRYPTO_TYPE_DATA;
2125 iov[4].data.data = state->checksum;
2126 iov[4].data.length = checksum_crypt_len;
2127
2128 iov[5].flags = KRB5_CRYPTO_TYPE_TRAILER;
2129 iov[5].data.data = state->checksum + k5_trailerofs;
2130 iov[5].data.length = k5_trailerlen;
2131
2132 return krb5_c_decrypt_iov(krb5_ctx,
2133 key,
2134 usage,
2135 0,
2136 iov,
2137 6);
2138 }
2139
2140 tvbuff_t *
2141 decrypt_krb5_krb_cfx_dce(proto_tree *tree,
2142 packet_info *pinfo,
2143 int usage,
2144 int keytype,
2145 tvbuff_t *gssapi_header_tvb,
2146 tvbuff_t *gssapi_encrypted_tvb,
2147 tvbuff_t *gssapi_trailer_tvb,
2148 tvbuff_t *checksum_tvb)
2149 {
2150 struct decrypt_krb5_krb_cfx_dce_state state;
2151 kerberos_private_data_t *zero_private = kerberos_new_private_data(pinfo);
2152 tvbuff_t *gssapi_decrypted_tvb = NULL;
2153 krb5_error_code ret;
2154
2155 /* don't do anything if we are not attempting to decrypt data */
2156 if (!krb_decrypt) {
2157 return NULL;
2158 }
2159
2160 memset(&state, 0, sizeof(state));
2161
2162 /* make sure we have all the data we need */
2163 #define __CHECK_TVB_LEN(__tvb) (tvb_captured_length(__tvb) < tvb_reported_length(__tvb))
2164 if (gssapi_header_tvb != NULL) {
2165 if (__CHECK_TVB_LEN(gssapi_header_tvb)) {
2166 return NULL;
2167 }
2168
2169 state.gssapi_header_len = tvb_captured_length(gssapi_header_tvb);
2170 state.gssapi_header_ptr = tvb_get_ptr(gssapi_header_tvb,
2171 0,
2172 state.gssapi_header_len);
2173 }
2174 if (gssapi_encrypted_tvb == NULL || __CHECK_TVB_LEN(gssapi_encrypted_tvb)) {
2175 return NULL;
2176 }
2177 state.gssapi_encrypted_tvb = gssapi_encrypted_tvb;
2178 state.gssapi_payload_len = tvb_captured_length(gssapi_encrypted_tvb);
2179 state.gssapi_payload = (guint8 *)wmem_alloc0(pinfo->pool, state.gssapi_payload_len);
2180 if (state.gssapi_payload == NULL) {
2181 return NULL;
2182 }
2183 if (gssapi_trailer_tvb != NULL) {
2184 if (__CHECK_TVB_LEN(gssapi_trailer_tvb)) {
2185 return NULL;
2186 }
2187
2188 state.gssapi_trailer_len = tvb_captured_length(gssapi_trailer_tvb);
2189 state.gssapi_trailer_ptr = tvb_get_ptr(gssapi_trailer_tvb,
2190 0,
2191 state.gssapi_trailer_len);
2192 }
2193 if (checksum_tvb == NULL || __CHECK_TVB_LEN(checksum_tvb)) {
2194 return NULL;
2195 }
2196 state.checksum_tvb = checksum_tvb;
2197 state.checksum_len = tvb_captured_length(checksum_tvb);
2198 state.checksum = (guint8 *)wmem_alloc0(pinfo->pool, state.checksum_len);
2199 if (state.checksum == NULL) {
2200 return NULL;
2201 }
2202
2203 ret = decrypt_krb5_with_cb(tree,
2204 pinfo,
2205 zero_private,
2206 usage,
2207 keytype,
2208 gssapi_encrypted_tvb,
2209 decrypt_krb5_krb_cfx_dce_cb,
2210 &state);
2211 wmem_free(pinfo->pool, state.checksum);
2212 if (ret != 0) {
2213 wmem_free(pinfo->pool, state.gssapi_payload);
2214 return NULL;
2215 }
2216
2217 gssapi_decrypted_tvb = tvb_new_child_real_data(gssapi_encrypted_tvb,
2218 state.gssapi_payload,
2219 state.gssapi_payload_len,
2220 state.gssapi_payload_len);
2221 if (gssapi_decrypted_tvb == NULL) {
2222 wmem_free(pinfo->pool, state.gssapi_payload);
2223 return NULL;
2224 }
2225
2226 return gssapi_decrypted_tvb;
2227 }
2228 #else /* NOT KRB5_CRYPTO_TYPE_SIGN_ONLY */
2229 #define NEED_DECRYPT_KRB5_KRB_CFX_DCE_NOOP 1
2230 #endif /* NOT KRB5_CRYPTO_TYPE_SIGN_ONLY */
2231
2232 #ifdef HAVE_KRB5_PAC_VERIFY
2233 /*
2234 * macOS up to 10.14.5 only has a MIT shim layer on top
2235 * of heimdal. It means that krb5_pac_verify() is not available
2236 * in /usr/lib/libkrb5.dylib
2237 *
2238 * https://opensource.apple.com/tarballs/Heimdal/Heimdal-520.260.1.tar.gz
2239 * https://opensource.apple.com/tarballs/MITKerberosShim/MITKerberosShim-71.200.1.tar.gz
2240 */
2241
2242 extern krb5_error_code
2243 krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *);
2244
2245 extern void krb5_free_enc_tkt_part(krb5_context, krb5_enc_tkt_part *);
2246 extern krb5_error_code
2247 decode_krb5_enc_tkt_part(const krb5_data *output, krb5_enc_tkt_part **rep);
2248 extern krb5_error_code
2249 encode_krb5_enc_tkt_part(const krb5_enc_tkt_part *rep, krb5_data **code);
2250
2251 static int
2252 keytype_for_cksumtype(krb5_cksumtype checksum)
2253 {
2254 #define _ARRAY_SIZE(X) (sizeof(X) / sizeof((X)[0]))
2255 static const int keytypes[] = {
2256 18,
2257 17,
2258 23,
2259 };
2260 guint i;
2261
2262 for (i = 0; i < _ARRAY_SIZE(keytypes); i++) {
2263 krb5_cksumtype checksumtype = 0;
2264 krb5_error_code ret;
2265
2266 ret = krb5int_c_mandatory_cksumtype(krb5_ctx,
2267 keytypes[i],
2268 &checksumtype);
2269 if (ret != 0) {
2270 continue;
2271 }
2272 if (checksum == checksumtype) {
2273 return keytypes[i];
2274 }
2275 }
2276
2277 return -1;
2278 }
2279
2280 struct verify_krb5_pac_state {
2281 krb5_pac pac;
2282 krb5_cksumtype server_checksum;
2283 guint server_count;
2284 enc_key_t *server_ek;
2285 krb5_cksumtype kdc_checksum;
2286 guint kdc_count;
2287 enc_key_t *kdc_ek;
2288 krb5_cksumtype ticket_checksum_type;
2289 const krb5_data *ticket_checksum_data;
2290 };
2291
2292 static void
2293 verify_krb5_pac_try_server_key(gpointer __key _U_, gpointer value, gpointer userdata)
2294 {
2295 struct verify_krb5_pac_state *state =
2296 (struct verify_krb5_pac_state *)userdata;
2297 enc_key_t *ek = (enc_key_t *)value;
2298 krb5_keyblock keyblock;
2299 krb5_cksumtype checksumtype = 0;
2300 krb5_error_code ret;
2301
2302 if (state->server_checksum == 0) {
2303 /*
2304 * nothing more todo, stop traversing.
2305 */
2306 return;
2307 }
2308
2309 if (state->server_ek != NULL) {
2310 /*
2311 * we're done.
2312 */
2313 return;
2314 }
2315
2316 ret = krb5int_c_mandatory_cksumtype(krb5_ctx, ek->keytype,
2317 &checksumtype);
2318 if (ret != 0) {
2319 /*
2320 * the key is not usable, keep traversing.
2321 * try the next key...
2322 */
2323 return;
2324 }
2325
2326 keyblock.magic = KV5M_KEYBLOCK;
2327 keyblock.enctype = ek->keytype;
2328 keyblock.length = ek->keylength;
2329 keyblock.contents = (guint8 *)ek->keyvalue;
2330
2331 if (checksumtype == state->server_checksum) {
2332 state->server_count += 1;
2333 ret = krb5_pac_verify(krb5_ctx, state->pac, 0, NULL,
2334 &keyblock, NULL);
2335 if (ret == 0) {
2336 state->server_ek = ek;
2337 }
2338 }
2339 }
2340
2341 static void
2342 verify_krb5_pac_try_kdc_key(gpointer __key _U_, gpointer value, gpointer userdata)
2343 {
2344 struct verify_krb5_pac_state *state =
2345 (struct verify_krb5_pac_state *)userdata;
2346 enc_key_t *ek = (enc_key_t *)value;
2347 krb5_keyblock keyblock;
2348 krb5_cksumtype checksumtype = 0;
2349 krb5_error_code ret;
2350
2351 if (state->kdc_checksum == 0) {
2352 /*
2353 * nothing more todo, stop traversing.
2354 */
2355 return;
2356 }
2357
2358 if (state->kdc_ek != NULL) {
2359 /*
2360 * we're done.
2361 */
2362 return;
2363 }
2364
2365 ret = krb5int_c_mandatory_cksumtype(krb5_ctx, ek->keytype,
2366 &checksumtype);
2367 if (ret != 0) {
2368 /*
2369 * the key is not usable, keep traversing.
2370 * try the next key...
2371 */
2372 return;
2373 }
2374
2375 keyblock.magic = KV5M_KEYBLOCK;
2376 keyblock.enctype = ek->keytype;
2377 keyblock.length = ek->keylength;
2378 keyblock.contents = (guint8 *)ek->keyvalue;
2379
2380 if (checksumtype == state->kdc_checksum) {
2381 state->kdc_count += 1;
2382 ret = krb5_pac_verify(krb5_ctx, state->pac, 0, NULL,
2383 NULL, &keyblock);
2384 if (ret == 0) {
2385 state->kdc_ek = ek;
2386 }
2387 }
2388 }
2389
2390 #define __KRB5_PAC_TICKET_CHECKSUM 16
2391
2392 static void
2393 verify_krb5_pac_ticket_checksum(proto_tree *tree _U_,
2394 asn1_ctx_t *actx _U_,
2395 tvbuff_t *pactvb _U_,
2396 struct verify_krb5_pac_state *state _U_)
2397 {
2398 #ifdef HAVE_DECODE_KRB5_ENC_TKT_PART
2399 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
2400 tvbuff_t *teptvb = private_data->last_ticket_enc_part_tvb;
2401 guint teplength = 0;
2402 const guint8 *tepbuffer = NULL;
2403 krb5_data tepdata = { .length = 0, };
2404 krb5_enc_tkt_part *tep = NULL;
2405 krb5_data *tmpdata = NULL;
2406 krb5_error_code ret;
2407 krb5_authdata **recoded_container = NULL;
2408 gint ad_orig_idx = -1;
2409 krb5_authdata *ad_orig_ptr = NULL;
2410 gint l0idx = 0;
2411 krb5_keyblock kdc_key = { .magic = KV5M_KEYBLOCK, };
2412 size_t checksum_length = 0;
2413 krb5_checksum checksum = { .checksum_type = 0, };
2414 krb5_boolean valid = FALSE;
2415
2416 if (state->kdc_ek == NULL) {
2417 int keytype = keytype_for_cksumtype(state->ticket_checksum_type);
2418 missing_signing_key(tree, actx->pinfo, private_data,
2419 pactvb, state->ticket_checksum_type,
2420 keytype,
2421 "Missing KDC (for ticket)",
2422 "kdc_checksum_key",
2423 0,
2424 0);
2425 return;
2426 }
2427
2428 if (teptvb == NULL) {
2429 return;
2430 }
2431
2432 teplength = tvb_captured_length(teptvb);
2433 /* make sure we have all the data we need */
2434 if (teplength < tvb_reported_length(teptvb)) {
2435 return;
2436 }
2437
2438 tepbuffer = tvb_get_ptr(teptvb, 0, teplength);
2439 if (tepbuffer == NULL) {
2440 return;
2441 }
2442
2443 kdc_key.magic = KV5M_KEYBLOCK;
2444 kdc_key.enctype = state->kdc_ek->keytype;
2445 kdc_key.length = state->kdc_ek->keylength;
2446 kdc_key.contents = (guint8 *)state->kdc_ek->keyvalue;
2447
2448 checksum.checksum_type = state->ticket_checksum_type;
2449 checksum.length = state->ticket_checksum_data->length;
2450 checksum.contents = (guint8 *)state->ticket_checksum_data->data;
2451 if (checksum.length >= 4) {
2452 checksum.length -= 4;
2453 checksum.contents += 4;
2454 }
2455
2456 ret = krb5_c_checksum_length(krb5_ctx,
2457 checksum.checksum_type,
2458 &checksum_length);
2459 if (ret != 0) {
2460 missing_signing_key(tree, actx->pinfo, private_data,
2461 pactvb, state->ticket_checksum_type,
2462 state->kdc_ek->keytype,
2463 "krb5_c_checksum_length failed for Ticket Signature",
2464 "kdc_checksum_key",
2465 1,
2466 0);
2467 return;
2468 }
2469 checksum.length = MIN(checksum.length, (unsigned int)checksum_length);
2470
2471 tepdata.data = (void *)(uintptr_t)tepbuffer;
2472 tepdata.length = teplength;
2473
2474 ret = decode_krb5_enc_tkt_part(&tepdata, &tep);
2475 if (ret != 0) {
2476 missing_signing_key(tree, actx->pinfo, private_data,
2477 pactvb, state->ticket_checksum_type,
2478 state->kdc_ek->keytype,
2479 "decode_krb5_enc_tkt_part failed",
2480 "kdc_checksum_key",
2481 1,
2482 0);
2483 return;
2484 }
2485
2486 for (l0idx = 0; tep->authorization_data[l0idx]; l0idx++) {
2487 krb5_authdata *adl0 = tep->authorization_data[l0idx];
2488 krb5_authdata **decoded_container = NULL;
2489 krb5_authdata *ad_pac = NULL;
2490 gint l1idx = 0;
2491
2492 if (adl0->ad_type != KRB5_AUTHDATA_IF_RELEVANT) {
2493 continue;
2494 }
2495
2496 ret = krb5_decode_authdata_container(krb5_ctx,
2497 KRB5_AUTHDATA_IF_RELEVANT,
2498 adl0,
2499 &decoded_container);
2500 if (ret != 0) {
2501 missing_signing_key(tree, actx->pinfo, private_data,
2502 pactvb, state->ticket_checksum_type,
2503 state->kdc_ek->keytype,
2504 "krb5_decode_authdata_container failed",
2505 "kdc_checksum_key",
2506 1,
2507 0);
2508 krb5_free_enc_tkt_part(krb5_ctx, tep);
2509 return;
2510 }
2511
2512 for (l1idx = 0; decoded_container[l1idx]; l1idx++) {
2513 krb5_authdata *adl1 = decoded_container[l1idx];
2514
2515 if (adl1->ad_type != KRB5_AUTHDATA_WIN2K_PAC) {
2516 continue;
2517 }
2518
2519 ad_pac = adl1;
2520 break;
2521 }
2522
2523 if (ad_pac == NULL) {
2524 krb5_free_authdata(krb5_ctx, decoded_container);
2525 continue;
2526 }
2527
2528 ad_pac->length = 1;
2529 ad_pac->contents[0] = '\0';
2530
2531 ret = krb5_encode_authdata_container(krb5_ctx,
2532 KRB5_AUTHDATA_IF_RELEVANT,
2533 decoded_container,
2534 &recoded_container);
2535 krb5_free_authdata(krb5_ctx, decoded_container);
2536 decoded_container = NULL;
2537 if (ret != 0) {
2538 missing_signing_key(tree, actx->pinfo, private_data,
2539 pactvb, state->ticket_checksum_type,
2540 state->kdc_ek->keytype,
2541 "krb5_encode_authdata_container failed",
2542 "kdc_checksum_key",
2543 1,
2544 0);
2545 krb5_free_enc_tkt_part(krb5_ctx, tep);
2546 return;
2547 }
2548
2549 ad_orig_idx = l0idx;
2550 ad_orig_ptr = adl0;
2551 tep->authorization_data[l0idx] = recoded_container[0];
2552 break;
2553 }
2554
2555 ret = encode_krb5_enc_tkt_part(tep, &tmpdata);
2556 if (ad_orig_ptr != NULL) {
2557 tep->authorization_data[ad_orig_idx] = ad_orig_ptr;
2558 }
2559 krb5_free_enc_tkt_part(krb5_ctx, tep);
2560 tep = NULL;
2561 if (recoded_container != NULL) {
2562 krb5_free_authdata(krb5_ctx, recoded_container);
2563 recoded_container = NULL;
2564 }
2565 if (ret != 0) {
2566 missing_signing_key(tree, actx->pinfo, private_data,
2567 pactvb, state->ticket_checksum_type,
2568 state->kdc_ek->keytype,
2569 "encode_krb5_enc_tkt_part failed",
2570 "kdc_checksum_key",
2571 1,
2572 0);
2573 return;
2574 }
2575
2576 ret = krb5_c_verify_checksum(krb5_ctx, &kdc_key,
2577 KRB5_KEYUSAGE_APP_DATA_CKSUM,
2578 tmpdata, &checksum, &valid);
2579 krb5_free_data(krb5_ctx, tmpdata);
2580 tmpdata = NULL;
2581 if (ret != 0) {
2582 missing_signing_key(tree, actx->pinfo, private_data,
2583 pactvb, state->ticket_checksum_type,
2584 state->kdc_ek->keytype,
2585 "krb5_c_verify_checksum failed for Ticket Signature",
2586 "kdc_checksum_key",
2587 1,
2588 1);
2589 return;
2590 }
2591
2592 if (valid == FALSE) {
2593 missing_signing_key(tree, actx->pinfo, private_data,
2594 pactvb, state->ticket_checksum_type,
2595 state->kdc_ek->keytype,
2596 "Invalid Ticket",
2597 "kdc_checksum_key",
2598 1,
2599 1);
2600 return;
2601 }
2602
2603 used_signing_key(tree, actx->pinfo, private_data,
2604 state->kdc_ek, pactvb,
2605 state->ticket_checksum_type,
2606 "Verified Ticket",
2607 "kdc_checksum_key",
2608 1,
2609 1);
2610 #endif /* HAVE_DECODE_KRB5_ENC_TKT_PART */
2611 }
2612
2613 static void
2614 verify_krb5_pac(proto_tree *tree _U_, asn1_ctx_t *actx, tvbuff_t *pactvb)
2615 {
2616 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
2617 krb5_error_code ret;
2618 krb5_data checksum_data = {0,0,NULL};
2619 krb5_data ticket_checksum_data = {0,0,NULL};
2620 int length = tvb_captured_length(pactvb);
2621 const guint8 *pacbuffer = NULL;
2622 struct verify_krb5_pac_state state = {
2623 .kdc_checksum = 0,
2624 };
2625
2626 /* don't do anything if we are not attempting to decrypt data */
2627 if(!krb_decrypt || length < 1){
2628 return;
2629 }
2630
2631 /* make sure we have all the data we need */
2632 if (tvb_captured_length(pactvb) < tvb_reported_length(pactvb)) {
2633 return;
2634 }
2635
2636 pacbuffer = tvb_get_ptr(pactvb, 0, length);
2637
2638 ret = krb5_pac_parse(krb5_ctx, pacbuffer, length, &state.pac);
2639 if (ret != 0) {
2640 proto_tree_add_expert_format(tree, actx->pinfo, &ei_kerberos_decrypted_keytype,
2641 pactvb, 0, 0,
2642 "Failed to parse PAC buffer %d in frame %u",
2643 ret, actx->pinfo->fd->num);
2644 return;
2645 }
2646
2647 ret = krb5_pac_get_buffer(krb5_ctx, state.pac, KRB5_PAC_SERVER_CHECKSUM,
2648 &checksum_data);
2649 if (ret == 0) {
2650 state.server_checksum = pletoh32(checksum_data.data);
2651 krb5_free_data_contents(krb5_ctx, &checksum_data);
2652 };
2653 ret = krb5_pac_get_buffer(krb5_ctx, state.pac, KRB5_PAC_PRIVSVR_CHECKSUM,
2654 &checksum_data);
2655 if (ret == 0) {
2656 state.kdc_checksum = pletoh32(checksum_data.data);
2657 krb5_free_data_contents(krb5_ctx, &checksum_data);
2658 };
2659 ret = krb5_pac_get_buffer(krb5_ctx, state.pac,
2660 __KRB5_PAC_TICKET_CHECKSUM,
2661 &ticket_checksum_data);
2662 if (ret == 0) {
2663 state.ticket_checksum_data = &ticket_checksum_data;
2664 state.ticket_checksum_type = pletoh32(ticket_checksum_data.data);
2665 };
2666
2667 read_keytab_file_from_preferences();
2668
2669 wmem_map_foreach(kerberos_all_keys,
2670 verify_krb5_pac_try_server_key,
2671 &state);
2672 if (state.server_ek != NULL) {
2673 used_signing_key(tree, actx->pinfo, private_data,
2674 state.server_ek, pactvb,
2675 state.server_checksum, "Verified Server",
2676 "all_keys",
2677 wmem_map_size(kerberos_all_keys),
2678 state.server_count);
2679 } else {
2680 int keytype = keytype_for_cksumtype(state.server_checksum);
2681 missing_signing_key(tree, actx->pinfo, private_data,
2682 pactvb, state.server_checksum, keytype,
2683 "Missing Server",
2684 "all_keys",
2685 wmem_map_size(kerberos_all_keys),
2686 state.server_count);
2687 }
2688 wmem_map_foreach(kerberos_longterm_keys,
2689 verify_krb5_pac_try_kdc_key,
2690 &state);
2691 if (state.kdc_ek != NULL) {
2692 used_signing_key(tree, actx->pinfo, private_data,
2693 state.kdc_ek, pactvb,
2694 state.kdc_checksum, "Verified KDC",
2695 "longterm_keys",
2696 wmem_map_size(kerberos_longterm_keys),
2697 state.kdc_count);
2698 } else {
2699 int keytype = keytype_for_cksumtype(state.kdc_checksum);
2700 missing_signing_key(tree, actx->pinfo, private_data,
2701 pactvb, state.kdc_checksum, keytype,
2702 "Missing KDC",
2703 "longterm_keys",
2704 wmem_map_size(kerberos_longterm_keys),
2705 state.kdc_count);
2706 }
2707
2708 if (state.ticket_checksum_type != 0) {
2709 verify_krb5_pac_ticket_checksum(tree, actx, pactvb, &state);
2710 }
2711
2712 if (state.ticket_checksum_data != NULL) {
2713 krb5_free_data_contents(krb5_ctx, &ticket_checksum_data);
2714 }
2715
2716 krb5_pac_free(krb5_ctx, state.pac);
2717 }
2718 #endif /* HAVE_KRB5_PAC_VERIFY */
2719
2720 #elif defined(HAVE_HEIMDAL_KERBEROS)
2721 static krb5_context krb5_ctx;
2722
2723 USES_APPLE_DEPRECATED_API
2724
2725 static void
2726 krb5_fast_key(asn1_ctx_t *actx _U_, proto_tree *tree _U_, tvbuff_t *tvb _U_,
2727 enc_key_t *ek1 _U_, const char *p1 _U_,
2728 enc_key_t *ek2 _U_, const char *p2 _U_,
2729 const char *origin _U_)
2730 {
2731 /* TODO: use krb5_crypto_fx_cf2() from Heimdal */
2732 }
2733 void
2734 read_keytab_file(const char *filename)
2735 {
2736 krb5_keytab keytab;
2737 krb5_error_code ret;
2738 krb5_keytab_entry key;
2739 krb5_kt_cursor cursor;
2740 enc_key_t *new_key;
2741 static gboolean first_time=TRUE;
2742
2743 if (filename == NULL || filename[0] == 0) {
2744 return;
2745 }
2746
2747 if(first_time){
2748 first_time=FALSE;
2749 ret = krb5_init_context(&krb5_ctx);
2750 if(ret){
2751 return;
2752 }
2753 }
2754
2755 /* should use a file in the wireshark users dir */
2756 ret = krb5_kt_resolve(krb5_ctx, filename, &keytab);
2757 if(ret){
2758 fprintf(stderr, "KERBEROS ERROR: Could not open keytab file :%s\n",filename);
2759
2760 return;
2761 }
2762
2763 ret = krb5_kt_start_seq_get(krb5_ctx, keytab, &cursor);
2764 if(ret){
2765 fprintf(stderr, "KERBEROS ERROR: Could not read from keytab file :%s\n",filename);
2766 return;
2767 }
2768
2769 do{
2770 ret = krb5_kt_next_entry(krb5_ctx, keytab, &key, &cursor);
2771 if(ret==0){
2772 unsigned int i;
2773 char *pos;
2774
2775 new_key = wmem_new0(wmem_epan_scope(), enc_key_t);
2776 new_key->fd_num = -1;
2777 new_key->id = ++kerberos_longterm_ids;
2778 g_snprintf(new_key->id_str, KRB_MAX_ID_STR_LEN, "keytab.%u", new_key->id);
2779 new_key->next = enc_key_list;
2780
2781 /* generate origin string, describing where this key came from */
2782 pos=new_key->key_origin;
2783 pos+=MIN(KRB_MAX_ORIG_LEN,
2784 g_snprintf(pos, KRB_MAX_ORIG_LEN, "keytab principal "));
2785 for(i=0;i<key.principal->name.name_string.len;i++){
2786 pos+=MIN(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin),
2787 g_snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "%s%s",(i?"/":""),key.principal->name.name_string.val[i]));
2788 }
2789 pos+=MIN(KRB_MAX_ORIG_LEN-(pos-new_key->key_origin),
2790 g_snprintf(pos, KRB_MAX_ORIG_LEN-(pos-new_key->key_origin), "@%s",key.principal->realm));
2791 *pos=0;
2792 new_key->keytype=key.keyblock.keytype;
2793 new_key->keylength=(int)key.keyblock.keyvalue.length;
2794 memcpy(new_key->keyvalue,
2795 key.keyblock.keyvalue.data,
2796 MIN((guint)key.keyblock.keyvalue.length, KRB_MAX_KEY_LENGTH));
2797
2798 enc_key_list=new_key;
2799 ret = krb5_kt_free_entry(krb5_ctx, &key);
2800 if (ret) {
2801 fprintf(stderr, "KERBEROS ERROR: Could not release the entry: %d", ret);
2802 ret = 0; /* try to continue with the next entry */
2803 }
2804 kerberos_key_map_insert(kerberos_longterm_keys, new_key);
2805 }
2806 }while(ret==0);
2807
2808 ret = krb5_kt_end_seq_get(krb5_ctx, keytab, &cursor);
2809 if(ret){
2810 fprintf(stderr, "KERBEROS ERROR: Could not release the keytab cursor: %d", ret);
2811 }
2812 ret = krb5_kt_close(krb5_ctx, keytab);
2813 if(ret){
2814 fprintf(stderr, "KERBEROS ERROR: Could not close the key table handle: %d", ret);
2815 }
2816
2817 }
2818 USES_APPLE_RST
2819
2820
2821 guint8 *
2822 decrypt_krb5_data(proto_tree *tree _U_, packet_info *pinfo,
2823 int usage,
2824 tvbuff_t *cryptotvb,
2825 int keytype,
2826 int *datalen)
2827 {
2828 kerberos_private_data_t *zero_private = kerberos_new_private_data(pinfo);
2829 krb5_error_code ret;
2830 krb5_data data;
2831 enc_key_t *ek;
2832 int length = tvb_captured_length(cryptotvb);
2833 const guint8 *cryptotext = tvb_get_ptr(cryptotvb, 0, length);
2834
2835 /* don't do anything if we are not attempting to decrypt data */
2836 if(!krb_decrypt){
2837 return NULL;
2838 }
2839
2840 /* make sure we have all the data we need */
2841 if (tvb_captured_length(cryptotvb) < tvb_reported_length(cryptotvb)) {
2842 return NULL;
2843 }
2844
2845 read_keytab_file_from_preferences();
2846
2847 for(ek=enc_key_list;ek;ek=ek->next){
2848 krb5_keytab_entry key;
2849 krb5_crypto crypto;
2850 guint8 *cryptocopy; /* workaround for pre-0.6.1 heimdal bug */
2851
2852 /* shortcircuit and bail out if enctypes are not matching */
2853 if((keytype != -1) && (ek->keytype != keytype)) {
2854 continue;
2855 }
2856
2857 key.keyblock.keytype=ek->keytype;
2858 key.keyblock.keyvalue.length=ek->keylength;
2859 key.keyblock.keyvalue.data=ek->keyvalue;
2860 ret = krb5_crypto_init(krb5_ctx, &(key.keyblock), (krb5_enctype)ENCTYPE_NULL, &crypto);
2861 if(ret){
2862 return NULL;
2863 }
2864
2865 /* pre-0.6.1 versions of Heimdal would sometimes change
2866 the cryptotext data even when the decryption failed.
2867 This would obviously not work since we iterate over the
2868 keys. So just give it a copy of the crypto data instead.
2869 This has been seen for RC4-HMAC blobs.
2870 */
2871 cryptocopy = (guint8 *)wmem_memdup(pinfo->pool, cryptotext, length);
2872 ret = krb5_decrypt_ivec(krb5_ctx, crypto, usage,
2873 cryptocopy, length,
2874 &data,
2875 NULL);
2876 if((ret == 0) && (length>0)){
2877 char *user_data;
2878
2879 used_encryption_key(tree, pinfo, zero_private,
2880 ek, usage, cryptotvb,
2881 "enc_key_list", 0, 0);
2882
2883 krb5_crypto_destroy(krb5_ctx, crypto);
2884 /* return a private wmem_alloced blob to the caller */
2885 user_data = (char *)wmem_memdup(pinfo->pool, data.data, (guint)data.length);
2886 if (datalen) {
2887 *datalen = (int)data.length;
2888 }
2889 return user_data;
2890 }
2891 krb5_crypto_destroy(krb5_ctx, crypto);
2892 }
2893 return NULL;
2894 }
2895
2896 #define NEED_DECRYPT_KRB5_KRB_CFX_DCE_NOOP 1
2897
2898 #elif defined (HAVE_LIBNETTLE)
2899
2900 #define SERVICE_KEY_SIZE (DES3_KEY_SIZE + 2)
2901 #define KEYTYPE_DES3_CBC_MD5 5 /* Currently the only one supported */
2902
2903 typedef struct _service_key_t {
2904 guint16 kvno;
2905 int keytype;
2906 int length;
2907 guint8 *contents;
2908 char origin[KRB_MAX_ORIG_LEN+1];
2909 } service_key_t;
2910 GSList *service_key_list = NULL;
2911
2912
2913 static void
2914 add_encryption_key(packet_info *pinfo, int keytype, int keylength, const char *keyvalue, const char *origin)
2915 {
2916 service_key_t *new_key;
2917
2918 if(pinfo->fd->visited){
2919 return;
2920 }
2921
2922 new_key = g_malloc(sizeof(service_key_t));
2923 new_key->kvno = 0;
2924 new_key->keytype = keytype;
2925 new_key->length = keylength;
2926 new_key->contents = g_memdup2(keyvalue, keylength);
2927 g_snprintf(new_key->origin, KRB_MAX_ORIG_LEN, "%s learnt from frame %u", origin, pinfo->num);
2928 service_key_list = g_slist_append(service_key_list, (gpointer) new_key);
2929 }
2930
2931 static void
2932 save_encryption_key(tvbuff_t *tvb _U_, int offset _U_, int length _U_,
2933 asn1_ctx_t *actx _U_, proto_tree *tree _U_,
2934 int parent_hf_index _U_,
2935 int hf_index _U_)
2936 {
2937 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
2938 const char *parent = proto_registrar_get_name(parent_hf_index);
2939 const char *element = proto_registrar_get_name(hf_index);
2940 char origin[KRB_MAX_ORIG_LEN] = { 0, };
2941
2942 g_snprintf(origin, KRB_MAX_ORIG_LEN, "%s_%s", parent, element);
2943
2944 add_encryption_key(actx->pinfo,
2945 private_data->key.keytype,
2946 private_data->key.keylength,
2947 private_data->key.keyvalue,
2948 origin);
2949 }
2950
2951 static void
2952 save_Authenticator_subkey(tvbuff_t *tvb, int offset, int length,
2953 asn1_ctx_t *actx, proto_tree *tree,
2954 int parent_hf_index,
2955 int hf_index)
2956 {
2957 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index);
2958 }
2959
2960 static void
2961 save_EncAPRepPart_subkey(tvbuff_t *tvb, int offset, int length,
2962 asn1_ctx_t *actx, proto_tree *tree,
2963 int parent_hf_index,
2964 int hf_index)
2965 {
2966 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index);
2967 }
2968
2969 static void
2970 save_EncKDCRepPart_key(tvbuff_t *tvb, int offset, int length,
2971 asn1_ctx_t *actx, proto_tree *tree,
2972 int parent_hf_index,
2973 int hf_index)
2974 {
2975 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index);
2976 }
2977
2978 static void
2979 save_EncTicketPart_key(tvbuff_t *tvb, int offset, int length,
2980 asn1_ctx_t *actx, proto_tree *tree,
2981 int parent_hf_index,
2982 int hf_index)
2983 {
2984 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index);
2985 }
2986
2987 static void
2988 save_KrbCredInfo_key(tvbuff_t *tvb, int offset, int length,
2989 asn1_ctx_t *actx, proto_tree *tree,
2990 int parent_hf_index,
2991 int hf_index)
2992 {
2993 save_encryption_key(tvb, offset, length, actx, tree, parent_hf_index, hf_index);
2994 }
2995
2996 static void
2997 save_KrbFastResponse_strengthen_key(tvbuff_t *tvb _U_, int offset _U_, int length _U_,
2998 asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
2999 {
3000 save_encryption_key(tvb, offset, length, actx, tree, hf_index);
3001 }
3002
3003 static void
3004 clear_keytab(void) {
3005 GSList *ske;
3006 service_key_t *sk;
3007
3008 for(ske = service_key_list; ske != NULL; ske = g_slist_next(ske)){
3009 sk = (service_key_t *) ske->data;
3010 if (sk) {
3011 g_free(sk->contents);
3012 g_free(sk);
3013 }
3014 }
3015 g_slist_free(service_key_list);
3016 service_key_list = NULL;
3017 }
3018
3019 static void
3020 read_keytab_file(const char *service_key_file)
3021 {
3022 FILE *skf;
3023 ws_statb64 st;
3024 service_key_t *sk;
3025 unsigned char buf[SERVICE_KEY_SIZE];
3026 int newline_skip = 0, count = 0;
3027
3028 if (service_key_file != NULL && ws_stat64 (service_key_file, &st) == 0) {
3029
3030 /* The service key file contains raw 192-bit (24 byte) 3DES keys.
3031 * There can be zero, one (\n), or two (\r\n) characters between
3032 * keys. Trailing characters are ignored.
3033 */
3034
3035 /* XXX We should support the standard keytab format instead */
3036 if (st.st_size > SERVICE_KEY_SIZE) {
3037 if ( (st.st_size % (SERVICE_KEY_SIZE + 1) == 0) ||
3038 (st.st_size % (SERVICE_KEY_SIZE + 1) == SERVICE_KEY_SIZE) ) {
3039 newline_skip = 1;
3040 } else if ( (st.st_size % (SERVICE_KEY_SIZE + 2) == 0) ||
3041 (st.st_size % (SERVICE_KEY_SIZE + 2) == SERVICE_KEY_SIZE) ) {
3042 newline_skip = 2;
3043 }
3044 }
3045
3046 skf = ws_fopen(service_key_file, "rb");
3047 if (! skf) return;
3048
3049 while (fread(buf, SERVICE_KEY_SIZE, 1, skf) == 1) {
3050 sk = g_malloc(sizeof(service_key_t));
3051 sk->kvno = buf[0] << 8 | buf[1];
3052 sk->keytype = KEYTYPE_DES3_CBC_MD5;
3053 sk->length = DES3_KEY_SIZE;
3054 sk->contents = g_memdup2(buf + 2, DES3_KEY_SIZE);
3055 g_snprintf(sk->origin, KRB_MAX_ORIG_LEN, "3DES service key file, key #%d, offset %ld", count, ftell(skf));
3056 service_key_list = g_slist_append(service_key_list, (gpointer) sk);
3057 if (fseek(skf, newline_skip, SEEK_CUR) < 0) {
3058 fprintf(stderr, "unable to seek...\n");
3059 fclose(skf);
3060 return;
3061 }
3062 count++;
3063 }
3064 fclose(skf);
3065 }
3066 }
3067
3068 #define CONFOUNDER_PLUS_CHECKSUM 24
3069
3070 guint8 *
3071 decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
3072 int _U_ usage,
3073 tvbuff_t *cryptotvb,
3074 int keytype,
3075 int *datalen)
3076 {
3077 tvbuff_t *encr_tvb;
3078 guint8 *decrypted_data = NULL, *plaintext = NULL;
3079 guint8 cls;
3080 gboolean pc;
3081 guint32 tag, item_len, data_len;
3082 int id_offset, offset;
3083 guint8 key[DES3_KEY_SIZE];
3084 guint8 initial_vector[DES_BLOCK_SIZE];
3085 gcry_md_hd_t md5_handle;
3086 guint8 *digest;
3087 guint8 zero_fill[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
3088 guint8 confounder[8];
3089 gboolean ind;
3090 GSList *ske;
3091 service_key_t *sk;
3092 struct des3_ctx ctx;
3093 int length = tvb_captured_length(cryptotvb);
3094 const guint8 *cryptotext = tvb_get_ptr(cryptotvb, 0, length);
3095
3096
3097 /* don't do anything if we are not attempting to decrypt data */
3098 if(!krb_decrypt){
3099 return NULL;
3100 }
3101
3102 /* make sure we have all the data we need */
3103 if (tvb_captured_length(cryptotvb) < tvb_reported_length(cryptotvb)) {
3104 return NULL;
3105 }
3106
3107 if (keytype != KEYTYPE_DES3_CBC_MD5 || service_key_list == NULL) {
3108 return NULL;
3109 }
3110
3111 decrypted_data = wmem_alloc(pinfo->pool, length);
3112 for(ske = service_key_list; ske != NULL; ske = g_slist_next(ske)){
3113 gboolean do_continue = FALSE;
3114 gboolean digest_ok;
3115 sk = (service_key_t *) ske->data;
3116
3117 des_fix_parity(DES3_KEY_SIZE, key, sk->contents);
3118
3119 memset(initial_vector, 0, DES_BLOCK_SIZE);
3120 des3_set_key(&ctx, key);
3121 cbc_decrypt(&ctx, des3_decrypt, DES_BLOCK_SIZE, initial_vector,
3122 length, decrypted_data, cryptotext);
3123 encr_tvb = tvb_new_real_data(decrypted_data, length, length);
3124
3125 tvb_memcpy(encr_tvb, confounder, 0, 8);
3126
3127 /* We have to pull the decrypted data length from the decrypted
3128 * content. If the key doesn't match or we otherwise get garbage,
3129 * an exception may get thrown while decoding the ASN.1 header.
3130 * Catch it, just in case.
3131 */
3132 TRY {
3133 id_offset = get_ber_identifier(encr_tvb, CONFOUNDER_PLUS_CHECKSUM, &cls, &pc, &tag);
3134 offset = get_ber_length(encr_tvb, id_offset, &item_len, &ind);
3135 }
3136 CATCH_BOUNDS_ERRORS {
3137 tvb_free(encr_tvb);
3138 do_continue = TRUE;
3139 }
3140 ENDTRY;
3141
3142 if (do_continue) continue;
3143
3144 data_len = item_len + offset - CONFOUNDER_PLUS_CHECKSUM;
3145 if ((int) item_len + offset > length) {
3146 tvb_free(encr_tvb);
3147 continue;
3148 }
3149
3150 if (gcry_md_open(&md5_handle, GCRY_MD_MD5, 0)) {
3151 return NULL;
3152 }
3153 gcry_md_write(md5_handle, confounder, 8);
3154 gcry_md_write(md5_handle, zero_fill, 16);
3155 gcry_md_write(md5_handle, decrypted_data + CONFOUNDER_PLUS_CHECKSUM, data_len);
3156 digest = gcry_md_read(md5_handle, 0);
3157
3158 digest_ok = (tvb_memeql (encr_tvb, 8, digest, HASH_MD5_LENGTH) == 0);
3159 gcry_md_close(md5_handle);
3160 if (digest_ok) {
3161 plaintext = (guint8* )tvb_memdup(pinfo->pool, encr_tvb, CONFOUNDER_PLUS_CHECKSUM, data_len);
3162 tvb_free(encr_tvb);
3163
3164 if (datalen) {
3165 *datalen = data_len;
3166 }
3167 return(plaintext);
3168 }
3169 tvb_free(encr_tvb);
3170 }
3171
3172 return NULL;
3173 }
3174
3175 #endif /* HAVE_MIT_KERBEROS / HAVE_HEIMDAL_KERBEROS / HAVE_LIBNETTLE */
3176
3177 #ifdef NEED_DECRYPT_KRB5_KRB_CFX_DCE_NOOP
3178 tvbuff_t *
3179 decrypt_krb5_krb_cfx_dce(proto_tree *tree _U_,
3180 packet_info *pinfo _U_,
3181 int usage _U_,
3182 int keytype _U_,
3183 tvbuff_t *gssapi_header_tvb _U_,
3184 tvbuff_t *gssapi_encrypted_tvb _U_,
3185 tvbuff_t *gssapi_trailer_tvb _U_,
3186 tvbuff_t *checksum_tvb _U_)
3187 {
3188 return NULL;
3189 }
3190 #endif /* NEED_DECRYPT_KRB5_KRB_CFX_DCE_NOOP */
3191
3192 #define INET6_ADDRLEN 16
3193
3194 /* TCP Record Mark */
3195 #define KRB_RM_RESERVED 0x80000000U
3196 #define KRB_RM_RECLEN 0x7fffffffU
3197
3198 #define KRB5_MSG_TICKET 1 /* Ticket */
3199 #define KRB5_MSG_AUTHENTICATOR 2 /* Authenticator */
3200 #define KRB5_MSG_ENC_TICKET_PART 3 /* EncTicketPart */
3201 #define KRB5_MSG_AS_REQ 10 /* AS-REQ type */
3202 #define KRB5_MSG_AS_REP 11 /* AS-REP type */
3203 #define KRB5_MSG_TGS_REQ 12 /* TGS-REQ type */
3204 #define KRB5_MSG_TGS_REP 13 /* TGS-REP type */
3205 #define KRB5_MSG_AP_REQ 14 /* AP-REQ type */
3206 #define KRB5_MSG_AP_REP 15 /* AP-REP type */
3207 #define KRB5_MSG_TGT_REQ 16 /* TGT-REQ type */
3208 #define KRB5_MSG_TGT_REP 17 /* TGT-REP type */
3209
3210 #define KRB5_MSG_SAFE 20 /* KRB-SAFE type */
3211 #define KRB5_MSG_PRIV 21 /* KRB-PRIV type */
3212 #define KRB5_MSG_CRED 22 /* KRB-CRED type */
3213 #define KRB5_MSG_ENC_AS_REP_PART 25 /* EncASRepPart */
3214 #define KRB5_MSG_ENC_TGS_REP_PART 26 /* EncTGSRepPart */
3215 #define KRB5_MSG_ENC_AP_REP_PART 27 /* EncAPRepPart */
3216 #define KRB5_MSG_ENC_KRB_PRIV_PART 28 /* EncKrbPrivPart */
3217 #define KRB5_MSG_ENC_KRB_CRED_PART 29 /* EncKrbCredPart */
3218 #define KRB5_MSG_ERROR 30 /* KRB-ERROR type */
3219
3220 #define KRB5_CHKSUM_GSSAPI 0x8003
3221 /*
3222 * For KERB_ENCTYPE_RC4_HMAC and KERB_ENCTYPE_RC4_HMAC_EXP, see
3223 *
3224 * https://tools.ietf.org/html/draft-brezak-win2k-krb-rc4-hmac-04
3225 *
3226 * unless it's expired.
3227 */
3228
3229 /* Principal name-type */
3230 #define KRB5_NT_UNKNOWN 0
3231 #define KRB5_NT_PRINCIPAL 1
3232 #define KRB5_NT_SRV_INST 2
3233 #define KRB5_NT_SRV_HST 3
3234 #define KRB5_NT_SRV_XHST 4
3235 #define KRB5_NT_UID 5
3236 #define KRB5_NT_X500_PRINCIPAL 6
3237 #define KRB5_NT_SMTP_NAME 7
3238 #define KRB5_NT_ENTERPRISE 10
3239
3240 /*
3241 * MS specific name types, from
3242 *
3243 * http://msdn.microsoft.com/library/en-us/security/security/kerb_external_name.asp
3244 */
3245 #define KRB5_NT_MS_PRINCIPAL -128
3246 #define KRB5_NT_MS_PRINCIPAL_AND_SID -129
3247 #define KRB5_NT_ENT_PRINCIPAL_AND_SID -130
3248 #define KRB5_NT_PRINCIPAL_AND_SID -131
3249 #define KRB5_NT_SRV_INST_AND_SID -132
3250
3251 /* error table constants */
3252 /* I prefixed the krb5_err.et constant names with KRB5_ET_ for these */
3253 #define KRB5_ET_KRB5KDC_ERR_NONE 0
3254 #define KRB5_ET_KRB5KDC_ERR_NAME_EXP 1
3255 #define KRB5_ET_KRB5KDC_ERR_SERVICE_EXP 2
3256 #define KRB5_ET_KRB5KDC_ERR_BAD_PVNO 3
3257 #define KRB5_ET_KRB5KDC_ERR_C_OLD_MAST_KVNO 4
3258 #define KRB5_ET_KRB5KDC_ERR_S_OLD_MAST_KVNO 5
3259 #define KRB5_ET_KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN 6
3260 #define KRB5_ET_KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN 7
3261 #define KRB5_ET_KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE 8
3262 #define KRB5_ET_KRB5KDC_ERR_NULL_KEY 9
3263 #define KRB5_ET_KRB5KDC_ERR_CANNOT_POSTDATE 10
3264 #define KRB5_ET_KRB5KDC_ERR_NEVER_VALID 11
3265 #define KRB5_ET_KRB5KDC_ERR_POLICY 12
3266 #define KRB5_ET_KRB5KDC_ERR_BADOPTION 13
3267 #define KRB5_ET_KRB5KDC_ERR_ETYPE_NOSUPP 14
3268 #define KRB5_ET_KRB5KDC_ERR_SUMTYPE_NOSUPP 15
3269 #define KRB5_ET_KRB5KDC_ERR_PADATA_TYPE_NOSUPP 16
3270 #define KRB5_ET_KRB5KDC_ERR_TRTYPE_NOSUPP 17
3271 #define KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED 18
3272 #define KRB5_ET_KRB5KDC_ERR_SERVICE_REVOKED 19
3273 #define KRB5_ET_KRB5KDC_ERR_TGT_REVOKED 20
3274 #define KRB5_ET_KRB5KDC_ERR_CLIENT_NOTYET 21
3275 #define KRB5_ET_KRB5KDC_ERR_SERVICE_NOTYET 22
3276 #define KRB5_ET_KRB5KDC_ERR_KEY_EXP 23
3277 #define KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED 24
3278 #define KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED 25
3279 #define KRB5_ET_KRB5KDC_ERR_SERVER_NOMATCH 26
3280 #define KRB5_ET_KRB5KDC_ERR_MUST_USE_USER2USER 27
3281 #define KRB5_ET_KRB5KDC_ERR_PATH_NOT_ACCEPTED 28
3282 #define KRB5_ET_KRB5KDC_ERR_SVC_UNAVAILABLE 29
3283 #define KRB5_ET_KRB5KRB_AP_ERR_BAD_INTEGRITY 31
3284 #define KRB5_ET_KRB5KRB_AP_ERR_TKT_EXPIRED 32
3285 #define KRB5_ET_KRB5KRB_AP_ERR_TKT_NYV 33
3286 #define KRB5_ET_KRB5KRB_AP_ERR_REPEAT 34
3287 #define KRB5_ET_KRB5KRB_AP_ERR_NOT_US 35
3288 #define KRB5_ET_KRB5KRB_AP_ERR_BADMATCH 36
3289 #define KRB5_ET_KRB5KRB_AP_ERR_SKEW 37
3290 #define KRB5_ET_KRB5KRB_AP_ERR_BADADDR 38
3291 #define KRB5_ET_KRB5KRB_AP_ERR_BADVERSION 39
3292 #define KRB5_ET_KRB5KRB_AP_ERR_MSG_TYPE 40
3293 #define KRB5_ET_KRB5KRB_AP_ERR_MODIFIED 41
3294 #define KRB5_ET_KRB5KRB_AP_ERR_BADORDER 42
3295 #define KRB5_ET_KRB5KRB_AP_ERR_ILL_CR_TKT 43
3296 #define KRB5_ET_KRB5KRB_AP_ERR_BADKEYVER 44
3297 #define KRB5_ET_KRB5KRB_AP_ERR_NOKEY 45
3298 #define KRB5_ET_KRB5KRB_AP_ERR_MUT_FAIL 46
3299 #define KRB5_ET_KRB5KRB_AP_ERR_BADDIRECTION 47
3300 #define KRB5_ET_KRB5KRB_AP_ERR_METHOD 48
3301 #define KRB5_ET_KRB5KRB_AP_ERR_BADSEQ 49
3302 #define KRB5_ET_KRB5KRB_AP_ERR_INAPP_CKSUM 50
3303 #define KRB5_ET_KRB5KDC_AP_PATH_NOT_ACCEPTED 51
3304 #define KRB5_ET_KRB5KRB_ERR_RESPONSE_TOO_BIG 52
3305 #define KRB5_ET_KRB5KRB_ERR_GENERIC 60
3306 #define KRB5_ET_KRB5KRB_ERR_FIELD_TOOLONG 61
3307 #define KRB5_ET_KDC_ERROR_CLIENT_NOT_TRUSTED 62
3308 #define KRB5_ET_KDC_ERROR_KDC_NOT_TRUSTED 63
3309 #define KRB5_ET_KDC_ERROR_INVALID_SIG 64
3310 #define KRB5_ET_KDC_ERR_KEY_TOO_WEAK 65
3311 #define KRB5_ET_KDC_ERR_CERTIFICATE_MISMATCH 66
3312 #define KRB5_ET_KRB_AP_ERR_NO_TGT 67
3313 #define KRB5_ET_KDC_ERR_WRONG_REALM 68
3314 #define KRB5_ET_KRB_AP_ERR_USER_TO_USER_REQUIRED 69
3315 #define KRB5_ET_KDC_ERR_CANT_VERIFY_CERTIFICATE 70
3316 #define KRB5_ET_KDC_ERR_INVALID_CERTIFICATE 71
3317 #define KRB5_ET_KDC_ERR_REVOKED_CERTIFICATE 72
3318 #define KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNKNOWN 73
3319 #define KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNAVAILABLE 74
3320 #define KRB5_ET_KDC_ERR_CLIENT_NAME_MISMATCH 75
3321 #define KRB5_ET_KDC_ERR_KDC_NAME_MISMATCH 76
3322 #define KRB5_ET_KDC_ERR_PREAUTH_EXPIRED 90
3323 #define KRB5_ET_KDC_ERR_MORE_PREAUTH_DATA_REQUIRED 91
3324 #define KRB5_ET_KDC_ERR_PREAUTH_BAD_AUTHENTICATION_SET 92
3325 #define KRB5_ET_KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS 93
3326
3327 static const value_string krb5_error_codes[] = {
3328 { KRB5_ET_KRB5KDC_ERR_NONE, "KRB5KDC_ERR_NONE" },
3329 { KRB5_ET_KRB5KDC_ERR_NAME_EXP, "KRB5KDC_ERR_NAME_EXP" },
3330 { KRB5_ET_KRB5KDC_ERR_SERVICE_EXP, "KRB5KDC_ERR_SERVICE_EXP" },
3331 { KRB5_ET_KRB5KDC_ERR_BAD_PVNO, "KRB5KDC_ERR_BAD_PVNO" },
3332 { KRB5_ET_KRB5KDC_ERR_C_OLD_MAST_KVNO, "KRB5KDC_ERR_C_OLD_MAST_KVNO" },
3333 { KRB5_ET_KRB5KDC_ERR_S_OLD_MAST_KVNO, "KRB5KDC_ERR_S_OLD_MAST_KVNO" },
3334 { KRB5_ET_KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN, "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN" },
3335 { KRB5_ET_KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN, "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN" },
3336 { KRB5_ET_KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE, "KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE" },
3337 { KRB5_ET_KRB5KDC_ERR_NULL_KEY, "KRB5KDC_ERR_NULL_KEY" },
3338 { KRB5_ET_KRB5KDC_ERR_CANNOT_POSTDATE, "KRB5KDC_ERR_CANNOT_POSTDATE" },
3339 { KRB5_ET_KRB5KDC_ERR_NEVER_VALID, "KRB5KDC_ERR_NEVER_VALID" },
3340 { KRB5_ET_KRB5KDC_ERR_POLICY, "KRB5KDC_ERR_POLICY" },
3341 { KRB5_ET_KRB5KDC_ERR_BADOPTION, "KRB5KDC_ERR_BADOPTION" },
3342 { KRB5_ET_KRB5KDC_ERR_ETYPE_NOSUPP, "KRB5KDC_ERR_ETYPE_NOSUPP" },
3343 { KRB5_ET_KRB5KDC_ERR_SUMTYPE_NOSUPP, "KRB5KDC_ERR_SUMTYPE_NOSUPP" },
3344 { KRB5_ET_KRB5KDC_ERR_PADATA_TYPE_NOSUPP, "KRB5KDC_ERR_PADATA_TYPE_NOSUPP" },
3345 { KRB5_ET_KRB5KDC_ERR_TRTYPE_NOSUPP, "KRB5KDC_ERR_TRTYPE_NOSUPP" },
3346 { KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED, "KRB5KDC_ERR_CLIENT_REVOKED" },
3347 { KRB5_ET_KRB5KDC_ERR_SERVICE_REVOKED, "KRB5KDC_ERR_SERVICE_REVOKED" },
3348 { KRB5_ET_KRB5KDC_ERR_TGT_REVOKED, "KRB5KDC_ERR_TGT_REVOKED" },
3349 { KRB5_ET_KRB5KDC_ERR_CLIENT_NOTYET, "KRB5KDC_ERR_CLIENT_NOTYET" },
3350 { KRB5_ET_KRB5KDC_ERR_SERVICE_NOTYET, "KRB5KDC_ERR_SERVICE_NOTYET" },
3351 { KRB5_ET_KRB5KDC_ERR_KEY_EXP, "KRB5KDC_ERR_KEY_EXP" },
3352 { KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED, "KRB5KDC_ERR_PREAUTH_FAILED" },
3353 { KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED, "KRB5KDC_ERR_PREAUTH_REQUIRED" },
3354 { KRB5_ET_KRB5KDC_ERR_SERVER_NOMATCH, "KRB5KDC_ERR_SERVER_NOMATCH" },
3355 { KRB5_ET_KRB5KDC_ERR_MUST_USE_USER2USER, "KRB5KDC_ERR_MUST_USE_USER2USER" },
3356 { KRB5_ET_KRB5KDC_ERR_PATH_NOT_ACCEPTED, "KRB5KDC_ERR_PATH_NOT_ACCEPTED" },
3357 { KRB5_ET_KRB5KDC_ERR_SVC_UNAVAILABLE, "KRB5KDC_ERR_SVC_UNAVAILABLE" },
3358 { KRB5_ET_KRB5KRB_AP_ERR_BAD_INTEGRITY, "KRB5KRB_AP_ERR_BAD_INTEGRITY" },
3359 { KRB5_ET_KRB5KRB_AP_ERR_TKT_EXPIRED, "KRB5KRB_AP_ERR_TKT_EXPIRED" },
3360 { KRB5_ET_KRB5KRB_AP_ERR_TKT_NYV, "KRB5KRB_AP_ERR_TKT_NYV" },
3361 { KRB5_ET_KRB5KRB_AP_ERR_REPEAT, "KRB5KRB_AP_ERR_REPEAT" },
3362 { KRB5_ET_KRB5KRB_AP_ERR_NOT_US, "KRB5KRB_AP_ERR_NOT_US" },
3363 { KRB5_ET_KRB5KRB_AP_ERR_BADMATCH, "KRB5KRB_AP_ERR_BADMATCH" },
3364 { KRB5_ET_KRB5KRB_AP_ERR_SKEW, "KRB5KRB_AP_ERR_SKEW" },
3365 { KRB5_ET_KRB5KRB_AP_ERR_BADADDR, "KRB5KRB_AP_ERR_BADADDR" },
3366 { KRB5_ET_KRB5KRB_AP_ERR_BADVERSION, "KRB5KRB_AP_ERR_BADVERSION" },
3367 { KRB5_ET_KRB5KRB_AP_ERR_MSG_TYPE, "KRB5KRB_AP_ERR_MSG_TYPE" },
3368 { KRB5_ET_KRB5KRB_AP_ERR_MODIFIED, "KRB5KRB_AP_ERR_MODIFIED" },
3369 { KRB5_ET_KRB5KRB_AP_ERR_BADORDER, "KRB5KRB_AP_ERR_BADORDER" },
3370 { KRB5_ET_KRB5KRB_AP_ERR_ILL_CR_TKT, "KRB5KRB_AP_ERR_ILL_CR_TKT" },
3371 { KRB5_ET_KRB5KRB_AP_ERR_BADKEYVER, "KRB5KRB_AP_ERR_BADKEYVER" },
3372 { KRB5_ET_KRB5KRB_AP_ERR_NOKEY, "KRB5KRB_AP_ERR_NOKEY" },
3373 { KRB5_ET_KRB5KRB_AP_ERR_MUT_FAIL, "KRB5KRB_AP_ERR_MUT_FAIL" },
3374 { KRB5_ET_KRB5KRB_AP_ERR_BADDIRECTION, "KRB5KRB_AP_ERR_BADDIRECTION" },
3375 { KRB5_ET_KRB5KRB_AP_ERR_METHOD, "KRB5KRB_AP_ERR_METHOD" },
3376 { KRB5_ET_KRB5KRB_AP_ERR_BADSEQ, "KRB5KRB_AP_ERR_BADSEQ" },
3377 { KRB5_ET_KRB5KRB_AP_ERR_INAPP_CKSUM, "KRB5KRB_AP_ERR_INAPP_CKSUM" },
3378 { KRB5_ET_KRB5KDC_AP_PATH_NOT_ACCEPTED, "KRB5KDC_AP_PATH_NOT_ACCEPTED" },
3379 { KRB5_ET_KRB5KRB_ERR_RESPONSE_TOO_BIG, "KRB5KRB_ERR_RESPONSE_TOO_BIG"},
3380 { KRB5_ET_KRB5KRB_ERR_GENERIC, "KRB5KRB_ERR_GENERIC" },
3381 { KRB5_ET_KRB5KRB_ERR_FIELD_TOOLONG, "KRB5KRB_ERR_FIELD_TOOLONG" },
3382 { KRB5_ET_KDC_ERROR_CLIENT_NOT_TRUSTED, "KDC_ERROR_CLIENT_NOT_TRUSTED" },
3383 { KRB5_ET_KDC_ERROR_KDC_NOT_TRUSTED, "KDC_ERROR_KDC_NOT_TRUSTED" },
3384 { KRB5_ET_KDC_ERROR_INVALID_SIG, "KDC_ERROR_INVALID_SIG" },
3385 { KRB5_ET_KDC_ERR_KEY_TOO_WEAK, "KDC_ERR_KEY_TOO_WEAK" },
3386 { KRB5_ET_KDC_ERR_CERTIFICATE_MISMATCH, "KDC_ERR_CERTIFICATE_MISMATCH" },
3387 { KRB5_ET_KRB_AP_ERR_NO_TGT, "KRB_AP_ERR_NO_TGT" },
3388 { KRB5_ET_KDC_ERR_WRONG_REALM, "KDC_ERR_WRONG_REALM" },
3389 { KRB5_ET_KRB_AP_ERR_USER_TO_USER_REQUIRED, "KRB_AP_ERR_USER_TO_USER_REQUIRED" },
3390 { KRB5_ET_KDC_ERR_CANT_VERIFY_CERTIFICATE, "KDC_ERR_CANT_VERIFY_CERTIFICATE" },
3391 { KRB5_ET_KDC_ERR_INVALID_CERTIFICATE, "KDC_ERR_INVALID_CERTIFICATE" },
3392 { KRB5_ET_KDC_ERR_REVOKED_CERTIFICATE, "KDC_ERR_REVOKED_CERTIFICATE" },
3393 { KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNKNOWN, "KDC_ERR_REVOCATION_STATUS_UNKNOWN" },
3394 { KRB5_ET_KDC_ERR_REVOCATION_STATUS_UNAVAILABLE, "KDC_ERR_REVOCATION_STATUS_UNAVAILABLE" },
3395 { KRB5_ET_KDC_ERR_CLIENT_NAME_MISMATCH, "KDC_ERR_CLIENT_NAME_MISMATCH" },
3396 { KRB5_ET_KDC_ERR_KDC_NAME_MISMATCH, "KDC_ERR_KDC_NAME_MISMATCH" },
3397 { KRB5_ET_KDC_ERR_PREAUTH_EXPIRED, "KDC_ERR_PREAUTH_EXPIRED" },
3398 { KRB5_ET_KDC_ERR_MORE_PREAUTH_DATA_REQUIRED, "KDC_ERR_MORE_PREAUTH_DATA_REQUIRED" },
3399 { KRB5_ET_KDC_ERR_PREAUTH_BAD_AUTHENTICATION_SET, "KDC_ERR_PREAUTH_BAD_AUTHENTICATION_SET" },
3400 { KRB5_ET_KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS, "KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS" },
3401 { 0, NULL }
3402 };
3403
3404
3405 #define PAC_LOGON_INFO 1
3406 #define PAC_CREDENTIAL_TYPE 2
3407 #define PAC_SERVER_CHECKSUM 6
3408 #define PAC_PRIVSVR_CHECKSUM 7
3409 #define PAC_CLIENT_INFO_TYPE 10
3410 #define PAC_S4U_DELEGATION_INFO 11
3411 #define PAC_UPN_DNS_INFO 12
3412 #define PAC_CLIENT_CLAIMS_INFO 13
3413 #define PAC_DEVICE_INFO 14
3414 #define PAC_DEVICE_CLAIMS_INFO 15
3415 #define PAC_TICKET_CHECKSUM 16
3416 static const value_string w2k_pac_types[] = {
3417 { PAC_LOGON_INFO , "Logon Info" },
3418 { PAC_CREDENTIAL_TYPE , "Credential Type" },
3419 { PAC_SERVER_CHECKSUM , "Server Checksum" },
3420 { PAC_PRIVSVR_CHECKSUM , "Privsvr Checksum" },
3421 { PAC_CLIENT_INFO_TYPE , "Client Info Type" },
3422 { PAC_S4U_DELEGATION_INFO , "S4U Delegation Info" },
3423 { PAC_UPN_DNS_INFO , "UPN DNS Info" },
3424 { PAC_CLIENT_CLAIMS_INFO , "Client Claims Info" },
3425 { PAC_DEVICE_INFO , "Device Info" },
3426 { PAC_DEVICE_CLAIMS_INFO , "Device Claims Info" },
3427 { PAC_TICKET_CHECKSUM , "Ticket Checksum" },
3428 { 0, NULL },
3429 };
3430
3431 static const value_string krb5_msg_types[] = {
3432 { KRB5_MSG_TICKET, "Ticket" },
3433 { KRB5_MSG_AUTHENTICATOR, "Authenticator" },
3434 { KRB5_MSG_ENC_TICKET_PART, "EncTicketPart" },
3435 { KRB5_MSG_TGS_REQ, "TGS-REQ" },
3436 { KRB5_MSG_TGS_REP, "TGS-REP" },
3437 { KRB5_MSG_AS_REQ, "AS-REQ" },
3438 { KRB5_MSG_AS_REP, "AS-REP" },
3439 { KRB5_MSG_AP_REQ, "AP-REQ" },
3440 { KRB5_MSG_AP_REP, "AP-REP" },
3441 { KRB5_MSG_TGT_REQ, "TGT-REQ" },
3442 { KRB5_MSG_TGT_REP, "TGT-REP" },
3443 { KRB5_MSG_SAFE, "KRB-SAFE" },
3444 { KRB5_MSG_PRIV, "KRB-PRIV" },
3445 { KRB5_MSG_CRED, "KRB-CRED" },
3446 { KRB5_MSG_ENC_AS_REP_PART, "EncASRepPart" },
3447 { KRB5_MSG_ENC_TGS_REP_PART, "EncTGSRepPart" },
3448 { KRB5_MSG_ENC_AP_REP_PART, "EncAPRepPart" },
3449 { KRB5_MSG_ENC_KRB_PRIV_PART, "EncKrbPrivPart" },
3450 { KRB5_MSG_ENC_KRB_CRED_PART, "EncKrbCredPart" },
3451 { KRB5_MSG_ERROR, "KRB-ERROR" },
3452 { 0, NULL },
3453 };
3454
3455 #define KRB5_GSS_C_DELEG_FLAG 0x01
3456 #define KRB5_GSS_C_MUTUAL_FLAG 0x02
3457 #define KRB5_GSS_C_REPLAY_FLAG 0x04
3458 #define KRB5_GSS_C_SEQUENCE_FLAG 0x08
3459 #define KRB5_GSS_C_CONF_FLAG 0x10
3460 #define KRB5_GSS_C_INTEG_FLAG 0x20
3461 #define KRB5_GSS_C_DCE_STYLE 0x1000
3462
3463 static const true_false_string tfs_gss_flags_deleg = {
3464 "Delegate credentials to remote peer",
3465 "Do NOT delegate"
3466 };
3467 static const true_false_string tfs_gss_flags_mutual = {
3468 "Request that remote peer authenticates itself",
3469 "Mutual authentication NOT required"
3470 };
3471 static const true_false_string tfs_gss_flags_replay = {
3472 "Enable replay protection for signed or sealed messages",
3473 "Do NOT enable replay protection"
3474 };
3475 static const true_false_string tfs_gss_flags_sequence = {
3476 "Enable Out-of-sequence detection for sign or sealed messages",
3477 "Do NOT enable out-of-sequence detection"
3478 };
3479 static const true_false_string tfs_gss_flags_conf = {
3480 "Confidentiality (sealing) may be invoked",
3481 "Do NOT use Confidentiality (sealing)"
3482 };
3483 static const true_false_string tfs_gss_flags_integ = {
3484 "Integrity protection (signing) may be invoked",
3485 "Do NOT use integrity protection"
3486 };
3487
3488 static const true_false_string tfs_gss_flags_dce_style = {
3489 "DCE-STYLE",
3490 "Not using DCE-STYLE"
3491 };
3492
3493 #ifdef HAVE_KERBEROS
3494 static guint8 *
3495 decrypt_krb5_data_asn1(proto_tree *tree, asn1_ctx_t *actx,
3496 int usage, tvbuff_t *cryptotvb, int *datalen)
3497 {
3498 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
3499
3500 #ifdef HAVE_DECRYPT_KRB5_DATA_PRIVATE
3501 return decrypt_krb5_data_private(tree, actx->pinfo, private_data,
3502 usage, cryptotvb,
3503 private_data->etype,
3504 datalen);
3505 #else
3506 return decrypt_krb5_data(tree, actx->pinfo, usage, cryptotvb,
3507 private_data->etype, datalen);
3508 #endif
3509 }
3510
3511 static int
3512 dissect_krb5_decrypt_ticket_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
3513 proto_tree *tree, int hf_index _U_)
3514 {
3515 guint8 *plaintext;
3516 int length;
3517 tvbuff_t *next_tvb;
3518
3519 next_tvb=tvb_new_subset_remaining(tvb, offset);
3520 length=tvb_captured_length_remaining(tvb, offset);
3521
3522 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
3523 * 7.5.1
3524 * All Ticket encrypted parts use usage == 2
3525 */
3526 plaintext=decrypt_krb5_data_asn1(tree, actx, 2, next_tvb, &length);
3527
3528 if(plaintext){
3529 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
3530 tvbuff_t *last_ticket_enc_part_tvb = private_data->last_ticket_enc_part_tvb;
3531 tvbuff_t *child_tvb;
3532 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
3533
3534 /* Add the decrypted data to the data source list. */
3535 add_new_data_source(actx->pinfo, child_tvb, "Krb5 Ticket");
3536
3537 private_data->last_ticket_enc_part_tvb = child_tvb;
3538 offset=dissect_kerberos_Applications(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1);
3539 private_data->last_ticket_enc_part_tvb = last_ticket_enc_part_tvb;
3540 }
3541 return offset;
3542 }
3543
3544 static int
3545 dissect_krb5_decrypt_authenticator_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
3546 proto_tree *tree, int hf_index _U_)
3547 {
3548 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
3549 guint8 *plaintext;
3550 int length;
3551 tvbuff_t *next_tvb;
3552
3553 next_tvb=tvb_new_subset_remaining(tvb, offset);
3554 length=tvb_captured_length_remaining(tvb, offset);
3555
3556 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
3557 * 7.5.1
3558 * Authenticators are encrypted with usage
3559 * == 7 or
3560 * == 11
3561 *
3562 * 7. TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator
3563 * (includes TGS authenticator subkey), encrypted with the
3564 * TGS session key (section 5.5.1)
3565 * 11. AP-REQ Authenticator (includes application
3566 * authenticator subkey), encrypted with the application
3567 * session key (section 5.5.1)
3568 */
3569 if (private_data->within_PA_TGS_REQ > 0) {
3570 plaintext=decrypt_krb5_data_asn1(tree, actx, 7, next_tvb, &length);
3571 } else {
3572 plaintext=decrypt_krb5_data_asn1(tree, actx, 11, next_tvb, &length);
3573 }
3574
3575 if(plaintext){
3576 tvbuff_t *child_tvb;
3577 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
3578
3579 /* Add the decrypted data to the data source list. */
3580 add_new_data_source(actx->pinfo, child_tvb, "Krb5 Authenticator");
3581
3582 offset=dissect_kerberos_Applications(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1);
3583 }
3584 return offset;
3585 }
3586
3587 static int
3588 dissect_krb5_decrypt_authorization_data(gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
3589 proto_tree *tree, int hf_index _U_)
3590 {
3591 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
3592 guint8 *plaintext;
3593 int length;
3594 tvbuff_t *next_tvb;
3595
3596 next_tvb=tvb_new_subset_remaining(tvb, offset);
3597 length=tvb_captured_length_remaining(tvb, offset);
3598
3599 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
3600 * 7.5.1
3601 * Authenticators are encrypted with usage
3602 * == 5 or
3603 * == 4
3604 *
3605 * 4. TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with
3606 * the TGS session key (section 5.4.1)
3607 * 5. TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with
3608 * the TGS authenticator subkey (section 5.4.1)
3609 */
3610 if (private_data->PA_TGS_REQ_subkey != NULL) {
3611 plaintext=decrypt_krb5_data_asn1(tree, actx, 5, next_tvb, &length);
3612 } else {
3613 plaintext=decrypt_krb5_data_asn1(tree, actx, 4, next_tvb, &length);
3614 }
3615
3616 if(plaintext){
3617 tvbuff_t *child_tvb;
3618 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
3619
3620 /* Add the decrypted data to the data source list. */
3621 add_new_data_source(actx->pinfo, child_tvb, "Krb5 AuthorizationData");
3622
3623 offset=dissect_kerberos_AuthorizationData(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1);
3624 }
3625 return offset;
3626 }
3627
3628 static int
3629 dissect_krb5_decrypt_KDC_REP_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
3630 proto_tree *tree, int hf_index _U_)
3631 {
3632 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
3633 guint8 *plaintext = NULL;
3634 int length;
3635 tvbuff_t *next_tvb;
3636
3637 next_tvb=tvb_new_subset_remaining(tvb, offset);
3638 length=tvb_captured_length_remaining(tvb, offset);
3639
3640 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
3641 * 7.5.1
3642 * ASREP/TGSREP encryptedparts are encrypted with usage
3643 * == 3 or
3644 * == 8 or
3645 * == 9
3646 *
3647 * 3. AS-REP encrypted part (includes TGS session key or
3648 * application session key), encrypted with the client key
3649 * (section 5.4.2)
3650 *
3651 * 8. TGS-REP encrypted part (includes application session
3652 * key), encrypted with the TGS session key (section
3653 * 5.4.2)
3654 * 9. TGS-REP encrypted part (includes application session
3655 * key), encrypted with the TGS authenticator subkey
3656 * (section 5.4.2)
3657 *
3658 * We currently don't have a way to find the TGS-REQ state
3659 * in order to check if an authenticator subkey was used.
3660 *
3661 * But if we client used FAST and we got a strengthen_key,
3662 * we're sure an authenticator subkey was used.
3663 *
3664 * Windows don't use an authenticator subkey without FAST,
3665 * but heimdal does.
3666 *
3667 * For now try 8 before 9 in order to avoid overhead and false
3668 * positives for the 'kerberos.missing_keytype' filter in pure
3669 * windows captures.
3670 */
3671 switch (private_data->msg_type) {
3672 case KERBEROS_APPLICATIONS_AS_REP:
3673 plaintext=decrypt_krb5_data_asn1(tree, actx, 3, next_tvb, &length);
3674 break;
3675 case KERBEROS_APPLICATIONS_TGS_REP:
3676 if (private_data->fast_strengthen_key != NULL) {
3677 plaintext=decrypt_krb5_data_asn1(tree, actx, 9, next_tvb, &length);
3678 } else {
3679 plaintext=decrypt_krb5_data_asn1(tree, actx, 8, next_tvb, &length);
3680 if(!plaintext){
3681 plaintext=decrypt_krb5_data_asn1(tree, actx, 9, next_tvb, &length);
3682 }
3683 }
3684 break;
3685 }
3686
3687 if(plaintext){
3688 tvbuff_t *child_tvb;
3689 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
3690
3691 /* Add the decrypted data to the data source list. */
3692 add_new_data_source(actx->pinfo, child_tvb, "Krb5 KDC-REP");
3693
3694 offset=dissect_kerberos_Applications(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1);
3695 }
3696 return offset;
3697 }
3698
3699 static int
3700 dissect_krb5_decrypt_PA_ENC_TIMESTAMP (gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
3701 proto_tree *tree, int hf_index _U_)
3702 {
3703 guint8 *plaintext;
3704 int length;
3705 tvbuff_t *next_tvb;
3706
3707 next_tvb=tvb_new_subset_remaining(tvb, offset);
3708 length=tvb_captured_length_remaining(tvb, offset);
3709
3710 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
3711 * 7.5.1
3712 * AS-REQ PA_ENC_TIMESTAMP are encrypted with usage
3713 * == 1
3714 */
3715 plaintext=decrypt_krb5_data_asn1(tree, actx, 1, next_tvb, &length);
3716
3717 if(plaintext){
3718 tvbuff_t *child_tvb;
3719 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
3720
3721 /* Add the decrypted data to the data source list. */
3722 add_new_data_source(actx->pinfo, child_tvb, "Krb5 EncTimestamp");
3723
3724 offset=dissect_kerberos_PA_ENC_TS_ENC(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1);
3725 }
3726 return offset;
3727 }
3728
3729 static int
3730 dissect_krb5_decrypt_AP_REP_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
3731 proto_tree *tree, int hf_index _U_)
3732 {
3733 guint8 *plaintext;
3734 int length;
3735 tvbuff_t *next_tvb;
3736
3737 next_tvb=tvb_new_subset_remaining(tvb, offset);
3738 length=tvb_captured_length_remaining(tvb, offset);
3739
3740 /* draft-ietf-krb-wg-kerberos-clarifications-05.txt :
3741 * 7.5.1
3742 * AP-REP are encrypted with usage == 12
3743 */
3744 plaintext=decrypt_krb5_data_asn1(tree, actx, 12, next_tvb, &length);
3745
3746 if(plaintext){
3747 tvbuff_t *child_tvb;
3748 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
3749
3750 /* Add the decrypted data to the data source list. */
3751 add_new_data_source(actx->pinfo, child_tvb, "Krb5 AP-REP");
3752
3753 offset=dissect_kerberos_Applications(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1);
3754 }
3755 return offset;
3756 }
3757
3758 static int
3759 dissect_krb5_decrypt_PRIV_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
3760 proto_tree *tree, int hf_index _U_)
3761 {
3762 guint8 *plaintext;
3763 int length;
3764 tvbuff_t *next_tvb;
3765
3766 next_tvb=tvb_new_subset_remaining(tvb, offset);
3767 length=tvb_captured_length_remaining(tvb, offset);
3768
3769 /* RFC4120 :
3770 * EncKrbPrivPart encrypted with usage
3771 * == 13
3772 */
3773 plaintext=decrypt_krb5_data_asn1(tree, actx, 13, next_tvb, &length);
3774
3775 if(plaintext){
3776 tvbuff_t *child_tvb;
3777 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
3778
3779 /* Add the decrypted data to the data source list. */
3780 add_new_data_source(actx->pinfo, child_tvb, "Krb5 PRIV");
3781
3782 offset=dissect_kerberos_Applications(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1);
3783 }
3784 return offset;
3785 }
3786
3787 static int
3788 dissect_krb5_decrypt_CRED_data (gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
3789 proto_tree *tree, int hf_index _U_)
3790 {
3791 guint8 *plaintext;
3792 int length;
3793 tvbuff_t *next_tvb;
3794
3795 next_tvb=tvb_new_subset_remaining(tvb, offset);
3796 length=tvb_captured_length_remaining(tvb, offset);
3797
3798 /* RFC4120 :
3799 * EncKrbCredPart encrypted with usage
3800 * == 14
3801 */
3802 plaintext=decrypt_krb5_data_asn1(tree, actx, 14, next_tvb, &length);
3803
3804 if(plaintext){
3805 tvbuff_t *child_tvb;
3806 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
3807
3808 /* Add the decrypted data to the data source list. */
3809 add_new_data_source(actx->pinfo, child_tvb, "Krb5 CRED");
3810
3811 offset=dissect_kerberos_Applications(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1);
3812 }
3813 return offset;
3814 }
3815
3816 static int
3817 dissect_krb5_decrypt_KrbFastReq(gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
3818 proto_tree *tree, int hf_index _U_)
3819 {
3820 guint8 *plaintext;
3821 int length;
3822 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
3823 tvbuff_t *next_tvb;
3824
3825 next_tvb=tvb_new_subset_remaining(tvb, offset);
3826 length=tvb_captured_length_remaining(tvb, offset);
3827
3828 private_data->fast_armor_key = NULL;
3829 if (private_data->PA_FAST_ARMOR_AP_subkey != NULL) {
3830 krb5_fast_key(actx, tree, tvb,
3831 private_data->PA_FAST_ARMOR_AP_subkey,
3832 "subkeyarmor",
3833 private_data->PA_FAST_ARMOR_AP_key,
3834 "ticketarmor",
3835 "KrbFastReq_FAST_armorKey");
3836 if (private_data->PA_TGS_REQ_subkey != NULL) {
3837 enc_key_t *explicit_armor_key = private_data->last_added_key;
3838
3839 /*
3840 * See [MS-KILE] 3.3.5.7.4 Compound Identity
3841 */
3842 krb5_fast_key(actx, tree, tvb,
3843 explicit_armor_key,
3844 "explicitarmor",
3845 private_data->PA_TGS_REQ_subkey,
3846 "tgsarmor",
3847 "KrbFastReq_explicitArmorKey");
3848 }
3849 private_data->fast_armor_key = private_data->last_added_key;
3850 } else if (private_data->PA_TGS_REQ_subkey != NULL) {
3851 krb5_fast_key(actx, tree, tvb,
3852 private_data->PA_TGS_REQ_subkey,
3853 "subkeyarmor",
3854 private_data->PA_TGS_REQ_key,
3855 "ticketarmor",
3856 "KrbFastReq_TGS_armorKey");
3857 private_data->fast_armor_key = private_data->last_added_key;
3858 }
3859
3860 /* RFC6113 :
3861 * KrbFastResponse encrypted with usage
3862 * KEY_USAGE_FAST_ENC 51
3863 */
3864 plaintext=decrypt_krb5_data_asn1(tree, actx, KEY_USAGE_FAST_ENC,
3865 next_tvb, &length);
3866
3867 if(plaintext){
3868 tvbuff_t *child_tvb;
3869 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
3870
3871 /* Add the decrypted data to the data source list. */
3872 add_new_data_source(actx->pinfo, child_tvb, "Krb5 FastReq");
3873
3874 offset=dissect_kerberos_KrbFastReq(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1);
3875 }
3876 return offset;
3877 }
3878
3879 static int
3880 dissect_krb5_decrypt_KrbFastResponse(gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
3881 proto_tree *tree, int hf_index _U_)
3882 {
3883 guint8 *plaintext;
3884 int length;
3885 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
3886 tvbuff_t *next_tvb;
3887
3888 next_tvb=tvb_new_subset_remaining(tvb, offset);
3889 length=tvb_captured_length_remaining(tvb, offset);
3890
3891 /*
3892 * RFC6113 :
3893 * KrbFastResponse encrypted with usage
3894 * KEY_USAGE_FAST_REP 52
3895 */
3896 plaintext=decrypt_krb5_data_asn1(tree, actx, KEY_USAGE_FAST_REP,
3897 next_tvb, &length);
3898
3899 if(plaintext){
3900 tvbuff_t *child_tvb;
3901 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
3902
3903 /* Add the decrypted data to the data source list. */
3904 add_new_data_source(actx->pinfo, child_tvb, "Krb5 FastRep");
3905
3906 private_data->fast_armor_key = private_data->last_decryption_key;
3907 offset=dissect_kerberos_KrbFastResponse(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1);
3908 }
3909 return offset;
3910 }
3911
3912 static int
3913 dissect_krb5_decrypt_EncryptedChallenge(gboolean imp_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx,
3914 proto_tree *tree, int hf_index _U_)
3915 {
3916 guint8 *plaintext;
3917 int length;
3918 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
3919 tvbuff_t *next_tvb;
3920 int usage = 0;
3921 const char *name = NULL;
3922
3923 next_tvb=tvb_new_subset_remaining(tvb, offset);
3924 length=tvb_captured_length_remaining(tvb, offset);
3925
3926 /* RFC6113 :
3927 * KEY_USAGE_ENC_CHALLENGE_CLIENT 54
3928 * KEY_USAGE_ENC_CHALLENGE_KDC 55
3929 */
3930 if (kerberos_private_is_kdc_req(private_data)) {
3931 usage = KEY_USAGE_ENC_CHALLENGE_CLIENT;
3932 name = "Krb5 CHALLENGE_CLIENT";
3933 } else {
3934 usage = KEY_USAGE_ENC_CHALLENGE_KDC;
3935 name = "Krb5 CHALLENGE_KDC";
3936 }
3937 plaintext=decrypt_krb5_data_asn1(tree, actx, usage, next_tvb, &length);
3938
3939 if(plaintext){
3940 tvbuff_t *child_tvb;
3941 child_tvb = tvb_new_child_real_data(tvb, plaintext, length, length);
3942
3943 /* Add the decrypted data to the data source list. */
3944 add_new_data_source(actx->pinfo, child_tvb, name);
3945
3946 offset=dissect_kerberos_PA_ENC_TS_ENC(FALSE, child_tvb, 0, actx , tree, /* hf_index*/ -1);
3947 }
3948 return offset;
3949 }
3950 #endif /* HAVE_KERBEROS */
3951
3952 static int * const hf_krb_pa_supported_enctypes_fields[] = {
3953 &hf_krb_pa_supported_enctypes_des_cbc_crc,
3954 &hf_krb_pa_supported_enctypes_des_cbc_md5,
3955 &hf_krb_pa_supported_enctypes_rc4_hmac,
3956 &hf_krb_pa_supported_enctypes_aes128_cts_hmac_sha1_96,
3957 &hf_krb_pa_supported_enctypes_aes256_cts_hmac_sha1_96,
3958 &hf_krb_pa_supported_enctypes_fast_supported,
3959 &hf_krb_pa_supported_enctypes_compound_identity_supported,
3960 &hf_krb_pa_supported_enctypes_claims_supported,
3961 &hf_krb_pa_supported_enctypes_resource_sid_compression_disabled,
3962 NULL,
3963 };
3964
3965 static int
3966 dissect_kerberos_PA_SUPPORTED_ENCTYPES(gboolean implicit_tag _U_, tvbuff_t *tvb _U_,
3967 int offset _U_, asn1_ctx_t *actx _U_,
3968 proto_tree *tree _U_, int hf_index _U_)
3969 {
3970 actx->created_item = proto_tree_add_bitmask(tree, tvb, offset,
3971 hf_krb_pa_supported_enctypes,
3972 ett_krb_pa_supported_enctypes,
3973 hf_krb_pa_supported_enctypes_fields,
3974 ENC_LITTLE_ENDIAN);
3975 offset += 4;
3976
3977 return offset;
3978 }
3979
3980 static int * const hf_krb_ad_ap_options_fields[] = {
3981 &hf_krb_ad_ap_options_cbt,
3982 NULL,
3983 };
3984
3985
3986 static int
3987 dissect_kerberos_AD_AP_OPTIONS(gboolean implicit_tag _U_, tvbuff_t *tvb _U_,
3988 int offset _U_, asn1_ctx_t *actx _U_,
3989 proto_tree *tree _U_, int hf_index _U_)
3990 {
3991 actx->created_item = proto_tree_add_bitmask(tree, tvb, offset,
3992 hf_krb_ad_ap_options,
3993 ett_krb_ad_ap_options,
3994 hf_krb_ad_ap_options_fields,
3995 ENC_LITTLE_ENDIAN);
3996 offset += 4;
3997
3998 return offset;
3999 }
4000
4001 static int
4002 dissect_kerberos_AD_TARGET_PRINCIPAL(gboolean implicit_tag _U_, tvbuff_t *tvb _U_,
4003 int offset _U_, asn1_ctx_t *actx _U_,
4004 proto_tree *tree _U_, int hf_index _U_)
4005 {
4006 int tp_offset, tp_len;
4007 guint16 bc;
4008
4009 bc = tvb_reported_length_remaining(tvb, offset);
4010 tp_offset = offset;
4011 tp_len = bc;
4012 proto_tree_add_item(tree, hf_krb_ad_target_principal, tvb,
4013 tp_offset, tp_len,
4014 ENC_UTF_16 | ENC_LITTLE_ENDIAN);
4015
4016 return offset;
4017 }
4018
4019 /* Dissect a GSSAPI checksum as per RFC1964. This is NOT ASN.1 encoded.
4020 */
4021 static int
4022 dissect_krb5_rfc1964_checksum(asn1_ctx_t *actx _U_, proto_tree *tree, tvbuff_t *tvb)
4023 {
4024 int offset=0;
4025 guint32 len;
4026 guint16 dlglen;
4027
4028 /* Length of Bnd field */
4029 len=tvb_get_letohl(tvb, offset);
4030 proto_tree_add_item(tree, hf_krb_gssapi_len, tvb, offset, 4, ENC_LITTLE_ENDIAN);
4031 offset += 4;
4032
4033 /* Bnd field */
4034 proto_tree_add_item(tree, hf_krb_gssapi_bnd, tvb, offset, len, ENC_NA);
4035 offset += len;
4036
4037
4038 /* flags */
4039 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_dce_style, tvb, offset, 4, ENC_LITTLE_ENDIAN);
4040 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_integ, tvb, offset, 4, ENC_LITTLE_ENDIAN);
4041 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_conf, tvb, offset, 4, ENC_LITTLE_ENDIAN);
4042 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_sequence, tvb, offset, 4, ENC_LITTLE_ENDIAN);
4043 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_replay, tvb, offset, 4, ENC_LITTLE_ENDIAN);
4044 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_mutual, tvb, offset, 4, ENC_LITTLE_ENDIAN);
4045 proto_tree_add_item(tree, hf_krb_gssapi_c_flag_deleg, tvb, offset, 4, ENC_LITTLE_ENDIAN);
4046 offset += 4;
4047
4048 /* the next fields are optional so we have to check that we have
4049 * more data in our buffers */
4050 if(tvb_reported_length_remaining(tvb, offset)<2){
4051 return offset;
4052 }
4053 /* dlgopt identifier */
4054 proto_tree_add_item(tree, hf_krb_gssapi_dlgopt, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4055 offset += 2;
4056
4057 if(tvb_reported_length_remaining(tvb, offset)<2){
4058 return offset;
4059 }
4060 /* dlglen identifier */
4061 dlglen=tvb_get_letohs(tvb, offset);
4062 proto_tree_add_item(tree, hf_krb_gssapi_dlglen, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4063 offset += 2;
4064
4065 if(dlglen!=tvb_reported_length_remaining(tvb, offset)){
4066 proto_tree_add_expert_format(tree, actx->pinfo, &ei_krb_gssapi_dlglen, tvb, 0, 0,
4067 "Error: DlgLen:%d is not the same as number of bytes remaining:%d", dlglen, tvb_captured_length_remaining(tvb, offset));
4068 return offset;
4069 }
4070
4071 /* this should now be a KRB_CRED message */
4072 offset=dissect_kerberos_Applications(FALSE, tvb, offset, actx, tree, /* hf_index */ -1);
4073
4074 return offset;
4075 }
4076
4077 static int
4078 dissect_krb5_PA_PROV_SRV_LOCATION(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
4079 {
4080 offset=dissect_ber_GeneralString(actx, tree, tvb, offset, hf_krb_provsrv_location, NULL, 0);
4081
4082 return offset;
4083 }
4084
4085 static int
4086 dissect_krb5_PW_SALT(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
4087 {
4088 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
4089 gint length;
4090 guint32 nt_status = 0;
4091 guint32 reserved = 0;
4092 guint32 flags = 0;
4093
4094 /*
4095 * Microsoft stores a special 12 byte blob here
4096 * [MS-KILE] 2.2.1 KERB-EXT-ERROR
4097 * guint32 NT_status
4098 * guint32 reserved (== 0)
4099 * guint32 flags (at least 0x00000001 is set)
4100 */
4101 length = tvb_reported_length_remaining(tvb, offset);
4102 if (length <= 0) {
4103 return offset;
4104 }
4105 if (length != 12) {
4106 goto no_error;
4107 }
4108
4109 if (private_data->errorcode == 0) {
4110 goto no_error;
4111 }
4112
4113 if (!private_data->try_nt_status) {
4114 goto no_error;
4115 }
4116
4117 nt_status = tvb_get_letohl(tvb, offset);
4118 reserved = tvb_get_letohl(tvb, offset + 4);
4119 flags = tvb_get_letohl(tvb, offset + 8);
4120
4121 if (nt_status == 0 || reserved != 0 || flags == 0) {
4122 goto no_error;
4123 }
4124
4125 proto_tree_add_item(tree, hf_krb_ext_error_nt_status, tvb, offset, 4,
4126 ENC_LITTLE_ENDIAN);
4127 col_append_fstr(actx->pinfo->cinfo, COL_INFO,
4128 " NT Status: %s",
4129 val_to_str(nt_status, NT_errors,
4130 "Unknown error code %#x"));
4131 offset += 4;
4132
4133 proto_tree_add_item(tree, hf_krb_ext_error_reserved, tvb, offset, 4,
4134 ENC_LITTLE_ENDIAN);
4135 offset += 4;
4136
4137 proto_tree_add_item(tree, hf_krb_ext_error_flags, tvb, offset, 4,
4138 ENC_LITTLE_ENDIAN);
4139 offset += 4;
4140
4141 return offset;
4142
4143 no_error:
4144 proto_tree_add_item(tree, hf_krb_pw_salt, tvb, offset, length, ENC_NA);
4145 offset += length;
4146
4147 return offset;
4148 }
4149
4150 static int
4151 dissect_krb5_PAC_DREP(proto_tree *parent_tree, tvbuff_t *tvb, int offset, guint8 *drep)
4152 {
4153 proto_tree *tree;
4154 guint8 val;
4155
4156 tree = proto_tree_add_subtree(parent_tree, tvb, offset, 16, ett_krb_pac_drep, NULL, "DREP");
4157
4158 val = tvb_get_guint8(tvb, offset);
4159 proto_tree_add_uint(tree, hf_dcerpc_drep_byteorder, tvb, offset, 1, val>>4);
4160
4161 offset++;
4162
4163 if (drep) {
4164 *drep = val;
4165 }
4166
4167 return offset;
4168 }
4169
4170 /* This might be some sort of header that MIDL generates when creating
4171 * marshalling/unmarshalling code for blobs that are not to be transported
4172 * ontop of DCERPC and where the DREP fields specifying things such as
4173 * endianess and similar are not available.
4174 */
4175 static int
4176 dissect_krb5_PAC_NDRHEADERBLOB(proto_tree *parent_tree, tvbuff_t *tvb, int offset, guint8 *drep, asn1_ctx_t *actx _U_)
4177 {
4178 proto_tree *tree;
4179
4180 tree = proto_tree_add_subtree(parent_tree, tvb, offset, 16, ett_krb_pac_midl_blob, NULL, "MES header");
4181
4182 /* modified DREP field that is used for stuff that is transporetd ontop
4183 of non dcerpc
4184 */
4185 proto_tree_add_item(tree, hf_krb_midl_version, tvb, offset, 1, ENC_LITTLE_ENDIAN);
4186 offset++;
4187
4188 offset = dissect_krb5_PAC_DREP(tree, tvb, offset, drep);
4189
4190
4191 proto_tree_add_item(tree, hf_krb_midl_hdr_len, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4192 offset+=2;
4193
4194 proto_tree_add_item(tree, hf_krb_midl_fill_bytes, tvb, offset, 4, ENC_LITTLE_ENDIAN);
4195 offset += 4;
4196
4197 /* length of blob that follows */
4198 proto_tree_add_item(tree, hf_krb_midl_blob_len, tvb, offset, 8, ENC_LITTLE_ENDIAN);
4199 offset += 8;
4200
4201 return offset;
4202 }
4203
4204 static int
4205 dissect_krb5_PAC_LOGON_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4206 {
4207 proto_item *item;
4208 proto_tree *tree;
4209 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
4210 static dcerpc_info di; /* fake dcerpc_info struct */
4211 static dcerpc_call_value call_data;
4212
4213 item = proto_tree_add_item(parent_tree, hf_krb_pac_logon_info, tvb, offset, -1, ENC_NA);
4214 tree = proto_item_add_subtree(item, ett_krb_pac_logon_info);
4215
4216 /* skip the first 16 bytes, they are some magic created by the idl
4217 * compiler the first 4 bytes might be flags?
4218 */
4219 offset = dissect_krb5_PAC_NDRHEADERBLOB(tree, tvb, offset, &drep[0], actx);
4220
4221 /* the PAC_LOGON_INFO blob */
4222 /* fake whatever state the dcerpc runtime support needs */
4223 di.conformant_run=0;
4224 /* we need di->call_data->flags.NDR64 == 0 */
4225 di.call_data=&call_data;
4226 init_ndr_pointer_list(&di);
4227 offset = dissect_ndr_pointer(tvb, offset, actx->pinfo, tree, &di, drep,
4228 netlogon_dissect_PAC_LOGON_INFO, NDR_POINTER_UNIQUE,
4229 "PAC_LOGON_INFO:", -1);
4230
4231 return offset;
4232 }
4233
4234
4235 static int
4236 dissect_krb5_PAC_CREDENTIAL_DATA(proto_tree *parent_tree, tvbuff_t *tvb, int offset, packet_info *pinfo _U_)
4237 {
4238 proto_tree_add_item(parent_tree, hf_krb_pac_credential_data, tvb, offset, -1, ENC_NA);
4239
4240 return offset;
4241 }
4242
4243 static int
4244 dissect_krb5_PAC_CREDENTIAL_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx)
4245 {
4246 proto_item *item;
4247 proto_tree *tree;
4248 guint8 *plaintext = NULL;
4249 int plainlen = 0;
4250 int length = 0;
4251 #define KRB5_KU_OTHER_ENCRYPTED 16
4252 #ifdef HAVE_KERBEROS
4253 guint32 etype;
4254 tvbuff_t *next_tvb;
4255 int usage = KRB5_KU_OTHER_ENCRYPTED;
4256 #endif
4257
4258 item = proto_tree_add_item(parent_tree, hf_krb_pac_credential_info, tvb, offset, -1, ENC_NA);
4259 tree = proto_item_add_subtree(item, ett_krb_pac_credential_info);
4260
4261 /* version */
4262 proto_tree_add_item(tree, hf_krb_pac_credential_info_version, tvb,
4263 offset, 4, ENC_LITTLE_ENDIAN);
4264 offset+=4;
4265
4266 #ifdef HAVE_KERBEROS
4267 /* etype */
4268 etype = tvb_get_letohl(tvb, offset);
4269 #endif
4270 proto_tree_add_item(tree, hf_krb_pac_credential_info_etype, tvb,
4271 offset, 4, ENC_LITTLE_ENDIAN);
4272 offset+=4;
4273
4274 #ifdef HAVE_KERBEROS
4275 /* data */
4276 next_tvb=tvb_new_subset_remaining(tvb, offset);
4277 length=tvb_captured_length_remaining(tvb, offset);
4278
4279 plaintext=decrypt_krb5_data(tree, actx->pinfo, usage, next_tvb, (int)etype, &plainlen);
4280 #endif
4281
4282 if (plaintext != NULL) {
4283 tvbuff_t *child_tvb;
4284 child_tvb = tvb_new_child_real_data(tvb, plaintext, plainlen, plainlen);
4285
4286 /* Add the decrypted data to the data source list. */
4287 add_new_data_source(actx->pinfo, child_tvb, "Krb5 PAC_CREDENTIAL");
4288
4289 dissect_krb5_PAC_CREDENTIAL_DATA(tree, child_tvb, 0, actx->pinfo);
4290 }
4291
4292 return offset + length;
4293 }
4294
4295 static int
4296 dissect_krb5_PAC_S4U_DELEGATION_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx)
4297 {
4298 proto_item *item;
4299 proto_tree *tree;
4300 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
4301 static dcerpc_info di; /* fake dcerpc_info struct */
4302 static dcerpc_call_value call_data;
4303
4304 item = proto_tree_add_item(parent_tree, hf_krb_pac_s4u_delegation_info, tvb, offset, -1, ENC_NA);
4305 tree = proto_item_add_subtree(item, ett_krb_pac_s4u_delegation_info);
4306
4307 /* skip the first 16 bytes, they are some magic created by the idl
4308 * compiler the first 4 bytes might be flags?
4309 */
4310 offset = dissect_krb5_PAC_NDRHEADERBLOB(tree, tvb, offset, &drep[0], actx);
4311
4312
4313 /* the S4U_DELEGATION_INFO blob. See [MS-PAC] */
4314 /* fake whatever state the dcerpc runtime support needs */
4315 di.conformant_run=0;
4316 /* we need di->call_data->flags.NDR64 == 0 */
4317 di.call_data=&call_data;
4318 init_ndr_pointer_list(&di);
4319 offset = dissect_ndr_pointer(tvb, offset, actx->pinfo, tree, &di, drep,
4320 netlogon_dissect_PAC_S4U_DELEGATION_INFO, NDR_POINTER_UNIQUE,
4321 "PAC_S4U_DELEGATION_INFO:", -1);
4322
4323 return offset;
4324 }
4325
4326 static int
4327 dissect_krb5_PAC_UPN_DNS_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4328 {
4329 proto_item *item;
4330 proto_tree *tree;
4331 guint16 dns_offset, dns_len;
4332 guint16 upn_offset, upn_len;
4333
4334 item = proto_tree_add_item(parent_tree, hf_krb_pac_upn_dns_info, tvb, offset, -1, ENC_NA);
4335 tree = proto_item_add_subtree(item, ett_krb_pac_upn_dns_info);
4336
4337 /* upn */
4338 upn_len = tvb_get_letohs(tvb, offset);
4339 proto_tree_add_item(tree, hf_krb_pac_upn_upn_len, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4340 offset+=2;
4341 upn_offset = tvb_get_letohs(tvb, offset);
4342 proto_tree_add_item(tree, hf_krb_pac_upn_upn_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4343 offset+=2;
4344
4345 /* dns */
4346 dns_len = tvb_get_letohs(tvb, offset);
4347 proto_tree_add_item(tree, hf_krb_pac_upn_dns_len, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4348 offset+=2;
4349 dns_offset = tvb_get_letohs(tvb, offset);
4350 proto_tree_add_item(tree, hf_krb_pac_upn_dns_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN);
4351 offset+=2;
4352
4353 /* flags */
4354 proto_tree_add_item(tree, hf_krb_pac_upn_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
4355
4356 /* upn */
4357 proto_tree_add_item(tree, hf_krb_pac_upn_upn_name, tvb, upn_offset, upn_len, ENC_UTF_16|ENC_LITTLE_ENDIAN);
4358
4359 /* dns */
4360 proto_tree_add_item(tree, hf_krb_pac_upn_dns_name, tvb, dns_offset, dns_len, ENC_UTF_16|ENC_LITTLE_ENDIAN);
4361
4362 return dns_offset;
4363 }
4364
4365 static int
4366 dissect_krb5_PAC_CLIENT_CLAIMS_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4367 {
4368 int length = tvb_captured_length_remaining(tvb, offset);
4369
4370 if (length == 0) {
4371 return offset;
4372 }
4373
4374 proto_tree_add_item(parent_tree, hf_krb_pac_client_claims_info, tvb, offset, -1, ENC_NA);
4375
4376 return offset;
4377 }
4378
4379 static int
4380 dissect_krb5_PAC_DEVICE_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4381 {
4382 proto_item *item;
4383 proto_tree *tree;
4384 guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
4385 static dcerpc_info di; /* fake dcerpc_info struct */
4386 static dcerpc_call_value call_data;
4387
4388 item = proto_tree_add_item(parent_tree, hf_krb_pac_device_info, tvb, offset, -1, ENC_NA);
4389 tree = proto_item_add_subtree(item, ett_krb_pac_device_info);
4390
4391 /* skip the first 16 bytes, they are some magic created by the idl
4392 * compiler the first 4 bytes might be flags?
4393 */
4394 offset = dissect_krb5_PAC_NDRHEADERBLOB(tree, tvb, offset, &drep[0], actx);
4395
4396 /* the PAC_DEVICE_INFO blob */
4397 /* fake whatever state the dcerpc runtime support needs */
4398 di.conformant_run=0;
4399 /* we need di->call_data->flags.NDR64 == 0 */
4400 di.call_data=&call_data;
4401 init_ndr_pointer_list(&di);
4402 offset = dissect_ndr_pointer(tvb, offset, actx->pinfo, tree, &di, drep,
4403 netlogon_dissect_PAC_DEVICE_INFO, NDR_POINTER_UNIQUE,
4404 "PAC_DEVICE_INFO:", -1);
4405
4406 return offset;
4407 }
4408
4409 static int
4410 dissect_krb5_PAC_DEVICE_CLAIMS_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4411 {
4412 int length = tvb_captured_length_remaining(tvb, offset);
4413
4414 if (length == 0) {
4415 return offset;
4416 }
4417
4418 proto_tree_add_item(parent_tree, hf_krb_pac_device_claims_info, tvb, offset, -1, ENC_NA);
4419
4420 return offset;
4421 }
4422
4423 static int
4424 dissect_krb5_PAC_SERVER_CHECKSUM(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4425 {
4426 proto_item *item;
4427 proto_tree *tree;
4428
4429 item = proto_tree_add_item(parent_tree, hf_krb_pac_server_checksum, tvb, offset, -1, ENC_NA);
4430 tree = proto_item_add_subtree(item, ett_krb_pac_server_checksum);
4431
4432 /* signature type */
4433 proto_tree_add_item(tree, hf_krb_pac_signature_type, tvb, offset, 4, ENC_LITTLE_ENDIAN);
4434 offset+=4;
4435
4436 /* signature data */
4437 proto_tree_add_item(tree, hf_krb_pac_signature_signature, tvb, offset, -1, ENC_NA);
4438
4439 return offset;
4440 }
4441
4442 static int
4443 dissect_krb5_PAC_PRIVSVR_CHECKSUM(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4444 {
4445 proto_item *item;
4446 proto_tree *tree;
4447
4448 item = proto_tree_add_item(parent_tree, hf_krb_pac_privsvr_checksum, tvb, offset, -1, ENC_NA);
4449 tree = proto_item_add_subtree(item, ett_krb_pac_privsvr_checksum);
4450
4451 /* signature type */
4452 proto_tree_add_item(tree, hf_krb_pac_signature_type, tvb, offset, 4, ENC_LITTLE_ENDIAN);
4453 offset+=4;
4454
4455 /* signature data */
4456 proto_tree_add_item(tree, hf_krb_pac_signature_signature, tvb, offset, -1, ENC_NA);
4457
4458 return offset;
4459 }
4460
4461 static int
4462 dissect_krb5_PAC_CLIENT_INFO_TYPE(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4463 {
4464 proto_item *item;
4465 proto_tree *tree;
4466 guint16 namelen;
4467
4468 item = proto_tree_add_item(parent_tree, hf_krb_pac_client_info_type, tvb, offset, -1, ENC_NA);
4469 tree = proto_item_add_subtree(item, ett_krb_pac_client_info_type);
4470
4471 /* clientid */
4472 offset = dissect_nt_64bit_time(tvb, tree, offset, hf_krb_pac_clientid);
4473
4474 /* name length */
4475 namelen=tvb_get_letohs(tvb, offset);
4476 proto_tree_add_uint(tree, hf_krb_pac_namelen, tvb, offset, 2, namelen);
4477 offset+=2;
4478
4479 /* client name */
4480 proto_tree_add_item(tree, hf_krb_pac_clientname, tvb, offset, namelen, ENC_UTF_16|ENC_LITTLE_ENDIAN);
4481 offset+=namelen;
4482
4483 return offset;
4484 }
4485
4486 static int
4487 dissect_krb5_PAC_TICKET_CHECKSUM(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
4488 {
4489 proto_item *item;
4490 proto_tree *tree;
4491
4492 item = proto_tree_add_item(parent_tree, hf_krb_pac_ticket_checksum, tvb, offset, -1, ENC_NA);
4493 tree = proto_item_add_subtree(item, ett_krb_pac_ticket_checksum);
4494
4495 /* signature type */
4496 proto_tree_add_item(tree, hf_krb_pac_signature_type, tvb, offset, 4, ENC_LITTLE_ENDIAN);
4497 offset+=4;
4498
4499 /* signature data */
4500 proto_tree_add_item(tree, hf_krb_pac_signature_signature, tvb, offset, -1, ENC_NA);
4501
4502 return offset;
4503 }
4504
4505 static int
4506 dissect_krb5_AD_WIN2K_PAC_struct(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx)
4507 {
4508 guint32 pac_type;
4509 guint32 pac_size;
4510 guint32 pac_offset;
4511 proto_item *it=NULL;
4512 proto_tree *tr=NULL;
4513 tvbuff_t *next_tvb;
4514
4515 /* type of pac data */
4516 pac_type=tvb_get_letohl(tvb, offset);
4517 it=proto_tree_add_uint(tree, hf_krb_w2k_pac_type, tvb, offset, 4, pac_type);
4518 tr=proto_item_add_subtree(it, ett_krb_pac);
4519
4520 offset += 4;
4521
4522 /* size of pac data */
4523 pac_size=tvb_get_letohl(tvb, offset);
4524 proto_tree_add_uint(tr, hf_krb_w2k_pac_size, tvb, offset, 4, pac_size);
4525 offset += 4;
4526
4527 /* offset to pac data */
4528 pac_offset=tvb_get_letohl(tvb, offset);
4529 proto_tree_add_uint(tr, hf_krb_w2k_pac_offset, tvb, offset, 4, pac_offset);
4530 offset += 8;
4531
4532 next_tvb=tvb_new_subset_length_caplen(tvb, pac_offset, pac_size, pac_size);
4533 switch(pac_type){
4534 case PAC_LOGON_INFO:
4535 dissect_krb5_PAC_LOGON_INFO(tr, next_tvb, 0, actx);
4536 break;
4537 case PAC_CREDENTIAL_TYPE:
4538 dissect_krb5_PAC_CREDENTIAL_INFO(tr, next_tvb, 0, actx);
4539 break;
4540 case PAC_SERVER_CHECKSUM:
4541 dissect_krb5_PAC_SERVER_CHECKSUM(tr, next_tvb, 0, actx);
4542 break;
4543 case PAC_PRIVSVR_CHECKSUM:
4544 dissect_krb5_PAC_PRIVSVR_CHECKSUM(tr, next_tvb, 0, actx);
4545 break;
4546 case PAC_CLIENT_INFO_TYPE:
4547 dissect_krb5_PAC_CLIENT_INFO_TYPE(tr, next_tvb, 0, actx);
4548 break;
4549 case PAC_S4U_DELEGATION_INFO:
4550 dissect_krb5_PAC_S4U_DELEGATION_INFO(tr, next_tvb, 0, actx);
4551 break;
4552 case PAC_UPN_DNS_INFO:
4553 dissect_krb5_PAC_UPN_DNS_INFO(tr, next_tvb, 0, actx);
4554 break;
4555 case PAC_CLIENT_CLAIMS_INFO:
4556 dissect_krb5_PAC_CLIENT_CLAIMS_INFO(tr, next_tvb, 0, actx);
4557 break;
4558 case PAC_DEVICE_INFO:
4559 dissect_krb5_PAC_DEVICE_INFO(tr, next_tvb, 0, actx);
4560 break;
4561 case PAC_DEVICE_CLAIMS_INFO:
4562 dissect_krb5_PAC_DEVICE_CLAIMS_INFO(tr, next_tvb, 0, actx);
4563 break;
4564 case PAC_TICKET_CHECKSUM:
4565 dissect_krb5_PAC_TICKET_CHECKSUM(tr, next_tvb, 0, actx);
4566 break;
4567
4568 default:
4569 break;
4570 }
4571 return offset;
4572 }
4573
4574 static int
4575 dissect_krb5_AD_WIN2K_PAC(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index _U_)
4576 {
4577 guint32 entries;
4578 guint32 version;
4579 guint32 i;
4580
4581 #if defined(HAVE_MIT_KERBEROS) && defined(HAVE_KRB5_PAC_VERIFY)
4582 verify_krb5_pac(tree, actx, tvb);
4583 #endif
4584
4585 /* first in the PAC structure comes the number of entries */
4586 entries=tvb_get_letohl(tvb, offset);
4587 proto_tree_add_uint(tree, hf_krb_w2k_pac_entries, tvb, offset, 4, entries);
4588 offset += 4;
4589
4590 /* second comes the version */
4591 version=tvb_get_letohl(tvb, offset);
4592 proto_tree_add_uint(tree, hf_krb_w2k_pac_version, tvb, offset, 4, version);
4593 offset += 4;
4594
4595 for(i=0;i<entries;i++){
4596 offset=dissect_krb5_AD_WIN2K_PAC_struct(tree, tvb, offset, actx);
4597 }
4598
4599 return offset;
4600 }
4601
4602
4603 /*--- Included file: packet-kerberos-fn.c ---*/
4604 #line 1 "./asn1/kerberos/packet-kerberos-fn.c"
4605
4606
4607 static int
4608 dissect_kerberos_INTEGER_5(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
4609 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
4610 NULL);
4611
4612 return offset;
4613 }
4614
4615
4616
4617 static int
4618 dissect_kerberos_KerberosString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
4619 offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_GeneralString,
4620 actx, tree, tvb, offset, hf_index,
4621 NULL);
4622
4623 return offset;
4624 }
4625
4626
4627
4628 static int
4629 dissect_kerberos_Realm(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
4630 offset = dissect_kerberos_KerberosString(implicit_tag, tvb, offset, actx, tree, hf_index);
4631
4632 return offset;
4633 }
4634
4635
4636 static const value_string kerberos_NAME_TYPE_vals[] = {
4637 { 0, "kRB5-NT-UNKNOWN" },
4638 { 1, "kRB5-NT-PRINCIPAL" },
4639 { 2, "kRB5-NT-SRV-INST" },
4640 { 3, "kRB5-NT-SRV-HST" },
4641 { 4, "kRB5-NT-SRV-XHST" },
4642 { 5, "kRB5-NT-UID" },
4643 { 6, "kRB5-NT-X500-PRINCIPAL" },
4644 { 7, "kRB5-NT-SMTP-NAME" },
4645 { 10, "kRB5-NT-ENTERPRISE-PRINCIPAL" },
4646 { 11, "kRB5-NT-WELLKNOWN" },
4647 { 12, "kRB5-NT-SRV-HST-DOMAIN" },
4648 { -130, "kRB5-NT-ENT-PRINCIPAL-AND-ID" },
4649 { -128, "kRB5-NT-MS-PRINCIPAL" },
4650 { -129, "kRB5-NT-MS-PRINCIPAL-AND-ID" },
4651 { -1200, "kRB5-NT-NTLM" },
4652 { -1201, "kRB5-NT-X509-GENERAL-NAME" },
4653 { -1202, "kRB5-NT-GSS-HOSTBASED-SERVICE" },
4654 { -1203, "kRB5-NT-CACHE-UUID" },
4655 { -195894762, "kRB5-NT-SRV-HST-NEEDS-CANON" },
4656 { 0, NULL }
4657 };
4658
4659
4660 static int
4661 dissect_kerberos_NAME_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
4662 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
4663 NULL);
4664
4665 return offset;
4666 }
4667
4668
4669
4670 static int
4671 dissect_kerberos_SNameString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
4672 offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_GeneralString,
4673 actx, tree, tvb, offset, hf_index,
4674 NULL);
4675
4676 return offset;
4677 }
4678
4679
4680 static const ber_sequence_t SEQUENCE_OF_SNameString_sequence_of[1] = {
4681 { &hf_kerberos_sname_string_item, BER_CLASS_UNI, BER_UNI_TAG_GeneralString, BER_FLAGS_NOOWNTAG, dissect_kerberos_SNameString },
4682 };
4683
4684 static int
4685 dissect_kerberos_SEQUENCE_OF_SNameString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
4686 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
4687 SEQUENCE_OF_SNameString_sequence_of, hf_index, ett_kerberos_SEQUENCE_OF_SNameString);
4688
4689 return offset;
4690 }
4691
4692
4693 static const ber_sequence_t SName_sequence[] = {
4694 { &hf_kerberos_name_type , BER_CLASS_CON, 0, 0, dissect_kerberos_NAME_TYPE },
4695 { &hf_kerberos_sname_string, BER_CLASS_CON, 1, 0, dissect_kerberos_SEQUENCE_OF_SNameString },
4696 { NULL, 0, 0, 0, NULL }
4697 };
4698
4699 static int
4700 dissect_kerberos_SName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
4701 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
4702 SName_sequence, hf_index, ett_kerberos_SName);
4703
4704 return offset;
4705 }
4706
4707
4708 static const value_string kerberos_ENCTYPE_vals[] = {
4709 { 0, "eTYPE-NULL" },
4710 { 1, "eTYPE-DES-CBC-CRC" },
4711 { 2, "eTYPE-DES-CBC-MD4" },
4712 { 3, "eTYPE-DES-CBC-MD5" },
4713 { 5, "eTYPE-DES3-CBC-MD5" },
4714 { 7, "eTYPE-OLD-DES3-CBC-SHA1" },
4715 { 8, "eTYPE-SIGN-DSA-GENERATE" },
4716 { 9, "eTYPE-DSA-SHA1" },
4717 { 10, "eTYPE-RSA-MD5" },
4718 { 11, "eTYPE-RSA-SHA1" },
4719 { 12, "eTYPE-RC2-CBC" },
4720 { 13, "eTYPE-RSA" },
4721 { 14, "eTYPE-RSAES-OAEP" },
4722 { 15, "eTYPE-DES-EDE3-CBC" },
4723 { 16, "eTYPE-DES3-CBC-SHA1" },
4724 { 17, "eTYPE-AES128-CTS-HMAC-SHA1-96" },
4725 { 18, "eTYPE-AES256-CTS-HMAC-SHA1-96" },
4726 { 19, "eTYPE-AES128-CTS-HMAC-SHA256-128" },
4727 { 20, "eTYPE-AES256-CTS-HMAC-SHA384-192" },
4728 { 23, "eTYPE-ARCFOUR-HMAC-MD5" },
4729 { 24, "eTYPE-ARCFOUR-HMAC-MD5-56" },
4730 { 25, "eTYPE-CAMELLIA128-CTS-CMAC" },
4731 { 26, "eTYPE-CAMELLIA256-CTS-CMAC" },
4732 { 48, "eTYPE-ENCTYPE-PK-CROSS" },
4733 { -128, "eTYPE-ARCFOUR-MD4" },
4734 { -133, "eTYPE-ARCFOUR-HMAC-OLD" },
4735 { -135, "eTYPE-ARCFOUR-HMAC-OLD-EXP" },
4736 { -4096, "eTYPE-DES-CBC-NONE" },
4737 { -4097, "eTYPE-DES3-CBC-NONE" },
4738 { -4098, "eTYPE-DES-CFB64-NONE" },
4739 { -4099, "eTYPE-DES-PCBC-NONE" },
4740 { -4100, "eTYPE-DIGEST-MD5-NONE" },
4741 { -4101, "eTYPE-CRAM-MD5-NONE" },
4742 { 0, NULL }
4743 };
4744
4745
4746 static int
4747 dissect_kerberos_ENCTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
4748 #line 323 "./asn1/kerberos/kerberos.cnf"
4749 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
4750 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
4751 &(private_data->etype));
4752
4753
4754
4755
4756 return offset;
4757 }
4758
4759
4760
4761 static int
4762 dissect_kerberos_UInt32(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
4763 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
4764 NULL);
4765
4766 return offset;
4767 }
4768
4769
4770
4771 static int
4772 dissect_kerberos_T_encryptedTicketData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
4773 #line 327 "./asn1/kerberos/kerberos.cnf"
4774 #ifdef HAVE_KERBEROS
4775 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_ticket_data);
4776 #else
4777 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
4778 NULL);
4779
4780 #endif
4781
4782
4783
4784 return offset;
4785 }
4786
4787
4788 static const ber_sequence_t EncryptedTicketData_sequence[] = {
4789 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
4790 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
4791 { &hf_kerberos_encryptedTicketData_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedTicketData_cipher },
4792 { NULL, 0, 0, 0, NULL }
4793 };
4794
4795 static int
4796 dissect_kerberos_EncryptedTicketData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
4797 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
4798 EncryptedTicketData_sequence, hf_index, ett_kerberos_EncryptedTicketData);
4799
4800 return offset;
4801 }
4802
4803
4804 static const ber_sequence_t Ticket_U_sequence[] = {
4805 { &hf_kerberos_tkt_vno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
4806 { &hf_kerberos_realm , BER_CLASS_CON, 1, 0, dissect_kerberos_Realm },
4807 { &hf_kerberos_sname , BER_CLASS_CON, 2, 0, dissect_kerberos_SName },
4808 { &hf_kerberos_ticket_enc_part, BER_CLASS_CON, 3, 0, dissect_kerberos_EncryptedTicketData },
4809 { NULL, 0, 0, 0, NULL }
4810 };
4811
4812 static int
4813 dissect_kerberos_Ticket_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
4814 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
4815 Ticket_U_sequence, hf_index, ett_kerberos_Ticket_U);
4816
4817 return offset;
4818 }
4819
4820
4821
4822 static int
4823 dissect_kerberos_Ticket(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
4824 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
4825 hf_index, BER_CLASS_APP, 1, FALSE, dissect_kerberos_Ticket_U);
4826
4827 return offset;
4828 }
4829
4830
4831
4832 static int
4833 dissect_kerberos_CNameString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
4834 offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_GeneralString,
4835 actx, tree, tvb, offset, hf_index,
4836 NULL);
4837
4838 return offset;
4839 }
4840
4841
4842 static const ber_sequence_t SEQUENCE_OF_CNameString_sequence_of[1] = {
4843 { &hf_kerberos_cname_string_item, BER_CLASS_UNI, BER_UNI_TAG_GeneralString, BER_FLAGS_NOOWNTAG, dissect_kerberos_CNameString },
4844 };
4845
4846 static int
4847 dissect_kerberos_SEQUENCE_OF_CNameString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
4848 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
4849 SEQUENCE_OF_CNameString_sequence_of, hf_index, ett_kerberos_SEQUENCE_OF_CNameString);
4850
4851 return offset;
4852 }
4853
4854
4855 static const ber_sequence_t CName_sequence[] = {
4856 { &hf_kerberos_name_type , BER_CLASS_CON, 0, 0, dissect_kerberos_NAME_TYPE },
4857 { &hf_kerberos_cname_string, BER_CLASS_CON, 1, 0, dissect_kerberos_SEQUENCE_OF_CNameString },
4858 { NULL, 0, 0, 0, NULL }
4859 };
4860
4861 static int
4862 dissect_kerberos_CName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
4863 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
4864 CName_sequence, hf_index, ett_kerberos_CName);
4865
4866 return offset;
4867 }
4868
4869
4870 static const value_string kerberos_CKSUMTYPE_vals[] = {
4871 { 0, "cKSUMTYPE-NONE" },
4872 { 1, "cKSUMTYPE-CRC32" },
4873 { 2, "cKSUMTYPE-RSA-MD4" },
4874 { 3, "cKSUMTYPE-RSA-MD4-DES" },
4875 { 4, "cKSUMTYPE-DES-MAC" },
4876 { 5, "cKSUMTYPE-DES-MAC-K" },
4877 { 6, "cKSUMTYPE-RSA-MD4-DES-K" },
4878 { 7, "cKSUMTYPE-RSA-MD5" },
4879 { 8, "cKSUMTYPE-RSA-MD5-DES" },
4880 { 9, "cKSUMTYPE-RSA-MD5-DES3" },
4881 { 10, "cKSUMTYPE-SHA1-OTHER" },
4882 { 12, "cKSUMTYPE-HMAC-SHA1-DES3-KD" },
4883 { 13, "cKSUMTYPE-HMAC-SHA1-DES3" },
4884 { 14, "cKSUMTYPE-SHA1" },
4885 { 15, "cKSUMTYPE-HMAC-SHA1-96-AES-128" },
4886 { 16, "cKSUMTYPE-HMAC-SHA1-96-AES-256" },
4887 { 17, "cKSUMTYPE-CMAC-CAMELLIA128" },
4888 { 18, "cKSUMTYPE-CMAC-CAMELLIA256" },
4889 { 19, "cKSUMTYPE-HMAC-SHA256-128-AES128" },
4890 { 20, "cKSUMTYPE-HMAC-SHA384-192-AES256" },
4891 { 32771, "cKSUMTYPE-GSSAPI" },
4892 { -138, "cKSUMTYPE-HMAC-MD5" },
4893 { -1138, "cKSUMTYPE-HMAC-MD5-ENC" },
4894 { 0, NULL }
4895 };
4896
4897
4898 static int
4899 dissect_kerberos_CKSUMTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
4900 #line 383 "./asn1/kerberos/kerberos.cnf"
4901 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
4902 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
4903 &(private_data->checksum_type));
4904
4905
4906
4907
4908 return offset;
4909 }
4910
4911
4912
4913 static int
4914 dissect_kerberos_T_checksum(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
4915 #line 387 "./asn1/kerberos/kerberos.cnf"
4916 tvbuff_t *next_tvb;
4917 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
4918
4919 switch(private_data->checksum_type){
4920 case KRB5_CHKSUM_GSSAPI:
4921 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &next_tvb);
4922 dissect_krb5_rfc1964_checksum(actx, tree, next_tvb);
4923 break;
4924 default:
4925 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, NULL);
4926 break;
4927 }
4928
4929
4930
4931 return offset;
4932 }
4933
4934
4935 static const ber_sequence_t Checksum_sequence[] = {
4936 { &hf_kerberos_cksumtype , BER_CLASS_CON, 0, 0, dissect_kerberos_CKSUMTYPE },
4937 { &hf_kerberos_checksum , BER_CLASS_CON, 1, 0, dissect_kerberos_T_checksum },
4938 { NULL, 0, 0, 0, NULL }
4939 };
4940
4941 static int
4942 dissect_kerberos_Checksum(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
4943 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
4944 Checksum_sequence, hf_index, ett_kerberos_Checksum);
4945
4946 return offset;
4947 }
4948
4949
4950
4951 static int
4952 dissect_kerberos_Microseconds(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
4953 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
4954 NULL);
4955
4956 return offset;
4957 }
4958
4959
4960
4961 static int
4962 dissect_kerberos_KerberosTime(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
4963 offset = dissect_ber_GeneralizedTime(implicit_tag, actx, tree, tvb, offset, hf_index);
4964
4965 return offset;
4966 }
4967
4968
4969
4970 static int
4971 dissect_kerberos_Int32(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
4972 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
4973 NULL);
4974
4975 return offset;
4976 }
4977
4978
4979
4980 static int
4981 dissect_kerberos_T_keytype(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
4982 #line 401 "./asn1/kerberos/kerberos.cnf"
4983 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
4984
4985 private_data->key_hidden_item = proto_tree_add_item(tree, hf_krb_key_hidden_item,
4986 tvb, 0, 0, ENC_NA);
4987 if (private_data->key_hidden_item != NULL) {
4988 proto_item_set_hidden(private_data->key_hidden_item);
4989 }
4990
4991 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
4992 &gbl_keytype);
4993 private_data->key.keytype = gbl_keytype;
4994
4995
4996
4997 return offset;
4998 }
4999
5000
5001
5002 static int
5003 dissect_kerberos_T_keyvalue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5004 #line 414 "./asn1/kerberos/kerberos.cnf"
5005 tvbuff_t *out_tvb;
5006 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
5007
5008 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
5009 &out_tvb);
5010
5011
5012 private_data->key.keylength = tvb_reported_length(out_tvb);
5013 private_data->key.keyvalue = tvb_get_ptr(out_tvb, 0, private_data->key.keylength);
5014 private_data->key_tree = tree;
5015 private_data->key_tvb = out_tvb;
5016
5017
5018
5019 return offset;
5020 }
5021
5022
5023 static const ber_sequence_t EncryptionKey_sequence[] = {
5024 { &hf_kerberos_keytype , BER_CLASS_CON, 0, 0, dissect_kerberos_T_keytype },
5025 { &hf_kerberos_keyvalue , BER_CLASS_CON, 1, 0, dissect_kerberos_T_keyvalue },
5026 { NULL, 0, 0, 0, NULL }
5027 };
5028
5029 static int
5030 dissect_kerberos_EncryptionKey(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5031 #line 425 "./asn1/kerberos/kerberos.cnf"
5032 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
5033 #ifdef HAVE_KERBEROS
5034 int start_offset = offset;
5035 #endif
5036
5037 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
5038 EncryptionKey_sequence, hf_index, ett_kerberos_EncryptionKey);
5039
5040
5041 if (private_data->key.keytype != 0 && private_data->key.keylength > 0) {
5042 #ifdef HAVE_KERBEROS
5043 int length = offset - start_offset;
5044 private_data->last_added_key = NULL;
5045 private_data->save_encryption_key_fn(tvb, start_offset, length, actx, tree,
5046 private_data->save_encryption_key_parent_hf_index,
5047 hf_index);
5048 private_data->last_added_key = NULL;
5049 #endif
5050 }
5051
5052
5053
5054 return offset;
5055 }
5056
5057
5058
5059 static int
5060 dissect_kerberos_T_authenticator_subkey(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5061 #line 444 "./asn1/kerberos/kerberos.cnf"
5062 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
5063 gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
5064 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
5065 private_data->save_encryption_key_parent_hf_index = hf_kerberos_authenticator;
5066 #ifdef HAVE_KERBEROS
5067 private_data->save_encryption_key_fn = save_Authenticator_subkey;
5068 #endif
5069 offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index);
5070
5071 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
5072 private_data->save_encryption_key_fn = saved_encryption_key_fn;
5073
5074
5075
5076 return offset;
5077 }
5078
5079
5080 static const value_string kerberos_AUTHDATA_TYPE_vals[] = {
5081 { KERBEROS_AD_IF_RELEVANT, "aD-IF-RELEVANT" },
5082 { KERBEROS_AD_INTENDED_FOR_SERVER, "aD-INTENDED-FOR-SERVER" },
5083 { KERBEROS_AD_INTENDED_FOR_APPLICATION_CLASS, "aD-INTENDED-FOR-APPLICATION-CLASS" },
5084 { KERBEROS_AD_KDC_ISSUED, "aD-KDC-ISSUED" },
5085 { KERBEROS_AD_AND_OR, "aD-AND-OR" },
5086 { KERBEROS_AD_MANDATORY_TICKET_EXTENSIONS, "aD-MANDATORY-TICKET-EXTENSIONS" },
5087 { KERBEROS_AD_IN_TICKET_EXTENSIONS, "aD-IN-TICKET-EXTENSIONS" },
5088 { KERBEROS_AD_MANDATORY_FOR_KDC, "aD-MANDATORY-FOR-KDC" },
5089 { KERBEROS_AD_INITIAL_VERIFIED_CAS, "aD-INITIAL-VERIFIED-CAS" },
5090 { KERBEROS_AD_OSF_DCE, "aD-OSF-DCE" },
5091 { KERBEROS_AD_SESAME, "aD-SESAME" },
5092 { KERBEROS_AD_OSF_DCE_PKI_CERTID, "aD-OSF-DCE-PKI-CERTID" },
5093 { KERBEROS_AD_AUTHENTICATION_STRENGTH, "aD-authentication-strength" },
5094 { KERBEROS_AD_FX_FAST_ARMOR, "aD-fx-fast-armor" },
5095 { KERBEROS_AD_FX_FAST_USED, "aD-fx-fast-used" },
5096 { KERBEROS_AD_WIN2K_PAC, "aD-WIN2K-PAC" },
5097 { KERBEROS_AD_GSS_API_ETYPE_NEGOTIATION, "aD-GSS-API-ETYPE-NEGOTIATION" },
5098 { KERBEROS_AD_TOKEN_RESTRICTIONS, "aD-TOKEN-RESTRICTIONS" },
5099 { KERBEROS_AD_LOCAL, "aD-LOCAL" },
5100 { KERBEROS_AD_AP_OPTIONS, "aD-AP-OPTIONS" },
5101 { KERBEROS_AD_TARGET_PRINCIPAL, "aD-TARGET-PRINCIPAL" },
5102 { KERBEROS_AD_SIGNTICKET_OLDER, "aD-SIGNTICKET-OLDER" },
5103 { KERBEROS_AD_SIGNTICKET, "aD-SIGNTICKET" },
5104 { 0, NULL }
5105 };
5106
5107
5108 static int
5109 dissect_kerberos_AUTHDATA_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5110 #line 525 "./asn1/kerberos/kerberos.cnf"
5111 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
5112 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
5113 &(private_data->ad_type));
5114
5115
5116
5117
5118 return offset;
5119 }
5120
5121
5122
5123 static int
5124 dissect_kerberos_T_ad_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5125 #line 529 "./asn1/kerberos/kerberos.cnf"
5126 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
5127
5128 switch(private_data->ad_type){
5129 case KERBEROS_AD_WIN2K_PAC:
5130 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_krb5_AD_WIN2K_PAC);
5131 break;
5132 case KERBEROS_AD_IF_RELEVANT:
5133 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_IF_RELEVANT);
5134 break;
5135 case KERBEROS_AD_AUTHENTICATION_STRENGTH:
5136 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_PA_AUTHENTICATION_SET_ELEM);
5137 break;
5138 case KERBEROS_AD_GSS_API_ETYPE_NEGOTIATION:
5139 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_SEQUENCE_OF_ENCTYPE);
5140 break;
5141 case KERBEROS_AD_TOKEN_RESTRICTIONS:
5142 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_KERB_AD_RESTRICTION_ENTRY);
5143 break;
5144 case KERBEROS_AD_AP_OPTIONS:
5145 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_AP_OPTIONS);
5146 break;
5147 case KERBEROS_AD_TARGET_PRINCIPAL:
5148 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_TARGET_PRINCIPAL);
5149 break;
5150 default:
5151 offset=dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
5152 break;
5153 }
5154
5155
5156
5157 return offset;
5158 }
5159
5160
5161 static const ber_sequence_t AuthorizationData_item_sequence[] = {
5162 { &hf_kerberos_ad_type , BER_CLASS_CON, 0, 0, dissect_kerberos_AUTHDATA_TYPE },
5163 { &hf_kerberos_ad_data , BER_CLASS_CON, 1, 0, dissect_kerberos_T_ad_data },
5164 { NULL, 0, 0, 0, NULL }
5165 };
5166
5167 static int
5168 dissect_kerberos_AuthorizationData_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5169 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
5170 AuthorizationData_item_sequence, hf_index, ett_kerberos_AuthorizationData_item);
5171
5172 return offset;
5173 }
5174
5175
5176 static const ber_sequence_t AuthorizationData_sequence_of[1] = {
5177 { &hf_kerberos_AuthorizationData_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_AuthorizationData_item },
5178 };
5179
5180 static int
5181 dissect_kerberos_AuthorizationData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5182 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
5183 AuthorizationData_sequence_of, hf_index, ett_kerberos_AuthorizationData);
5184
5185 return offset;
5186 }
5187
5188
5189 static const ber_sequence_t Authenticator_U_sequence[] = {
5190 { &hf_kerberos_authenticator_vno, BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
5191 { &hf_kerberos_crealm , BER_CLASS_CON, 1, 0, dissect_kerberos_Realm },
5192 { &hf_kerberos_cname , BER_CLASS_CON, 2, 0, dissect_kerberos_CName },
5193 { &hf_kerberos_cksum , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_Checksum },
5194 { &hf_kerberos_cusec , BER_CLASS_CON, 4, 0, dissect_kerberos_Microseconds },
5195 { &hf_kerberos_ctime , BER_CLASS_CON, 5, 0, dissect_kerberos_KerberosTime },
5196 { &hf_kerberos_authenticator_subkey, BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL, dissect_kerberos_T_authenticator_subkey },
5197 { &hf_kerberos_seq_number , BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
5198 { &hf_kerberos_authorization_data, BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL, dissect_kerberos_AuthorizationData },
5199 { NULL, 0, 0, 0, NULL }
5200 };
5201
5202 static int
5203 dissect_kerberos_Authenticator_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5204 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
5205 Authenticator_U_sequence, hf_index, ett_kerberos_Authenticator_U);
5206
5207 return offset;
5208 }
5209
5210
5211
5212 static int
5213 dissect_kerberos_Authenticator(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5214 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
5215 hf_index, BER_CLASS_APP, 2, FALSE, dissect_kerberos_Authenticator_U);
5216
5217 return offset;
5218 }
5219
5220
5221 static int * const TicketFlags_bits[] = {
5222 &hf_kerberos_TicketFlags_reserved,
5223 &hf_kerberos_TicketFlags_forwardable,
5224 &hf_kerberos_TicketFlags_forwarded,
5225 &hf_kerberos_TicketFlags_proxiable,
5226 &hf_kerberos_TicketFlags_proxy,
5227 &hf_kerberos_TicketFlags_may_postdate,
5228 &hf_kerberos_TicketFlags_postdated,
5229 &hf_kerberos_TicketFlags_invalid,
5230 &hf_kerberos_TicketFlags_renewable,
5231 &hf_kerberos_TicketFlags_initial,
5232 &hf_kerberos_TicketFlags_pre_authent,
5233 &hf_kerberos_TicketFlags_hw_authent,
5234 &hf_kerberos_TicketFlags_transited_policy_checked,
5235 &hf_kerberos_TicketFlags_ok_as_delegate,
5236 &hf_kerberos_TicketFlags_unused,
5237 &hf_kerberos_TicketFlags_enc_pa_rep,
5238 &hf_kerberos_TicketFlags_anonymous,
5239 NULL
5240 };
5241
5242 static int
5243 dissect_kerberos_TicketFlags(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5244 offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset,
5245 TicketFlags_bits, 17, hf_index, ett_kerberos_TicketFlags,
5246 NULL);
5247
5248 return offset;
5249 }
5250
5251
5252
5253 static int
5254 dissect_kerberos_T_encTicketPart_key(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5255 #line 489 "./asn1/kerberos/kerberos.cnf"
5256 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
5257 gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
5258 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
5259 private_data->save_encryption_key_parent_hf_index = hf_kerberos_encTicketPart;
5260 #ifdef HAVE_KERBEROS
5261 private_data->save_encryption_key_fn = save_EncTicketPart_key;
5262 #endif
5263 offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index);
5264
5265 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
5266 private_data->save_encryption_key_fn = saved_encryption_key_fn;
5267
5268
5269
5270 return offset;
5271 }
5272
5273
5274
5275 static int
5276 dissect_kerberos_OCTET_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5277 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
5278 NULL);
5279
5280 return offset;
5281 }
5282
5283
5284 static const ber_sequence_t TransitedEncoding_sequence[] = {
5285 { &hf_kerberos_tr_type , BER_CLASS_CON, 0, 0, dissect_kerberos_Int32 },
5286 { &hf_kerberos_contents , BER_CLASS_CON, 1, 0, dissect_kerberos_OCTET_STRING },
5287 { NULL, 0, 0, 0, NULL }
5288 };
5289
5290 static int
5291 dissect_kerberos_TransitedEncoding(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5292 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
5293 TransitedEncoding_sequence, hf_index, ett_kerberos_TransitedEncoding);
5294
5295 return offset;
5296 }
5297
5298
5299 static const value_string kerberos_ADDR_TYPE_vals[] = {
5300 { KERBEROS_ADDR_TYPE_IPV4, "iPv4" },
5301 { KERBEROS_ADDR_TYPE_CHAOS, "cHAOS" },
5302 { KERBEROS_ADDR_TYPE_XEROX, "xEROX" },
5303 { KERBEROS_ADDR_TYPE_ISO, "iSO" },
5304 { KERBEROS_ADDR_TYPE_DECNET, "dECNET" },
5305 { KERBEROS_ADDR_TYPE_APPLETALK, "aPPLETALK" },
5306 { KERBEROS_ADDR_TYPE_NETBIOS, "nETBIOS" },
5307 { KERBEROS_ADDR_TYPE_IPV6, "iPv6" },
5308 { 0, NULL }
5309 };
5310
5311
5312 static int
5313 dissect_kerberos_ADDR_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5314 #line 562 "./asn1/kerberos/kerberos.cnf"
5315 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
5316 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
5317 &(private_data->addr_type));
5318
5319
5320
5321
5322 return offset;
5323 }
5324
5325
5326
5327 static int
5328 dissect_kerberos_T_address(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5329 #line 272 "./asn1/kerberos/kerberos.cnf"
5330 gint8 appclass;
5331 gboolean pc;
5332 gint32 tag;
5333 guint32 len;
5334 const char *address_str;
5335 proto_item *it=NULL;
5336 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
5337
5338 /* read header and len for the octet string */
5339 offset=dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &appclass, &pc, &tag);
5340 offset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL);
5341
5342 switch(private_data->addr_type){
5343 case KERBEROS_ADDR_TYPE_IPV4:
5344 it=proto_tree_add_item(tree, hf_krb_address_ip, tvb, offset, 4, ENC_BIG_ENDIAN);
5345 address_str = tvb_ip_to_str(actx->pinfo->pool, tvb, offset);
5346 break;
5347 case KERBEROS_ADDR_TYPE_NETBIOS:
5348 {
5349 char netbios_name[(NETBIOS_NAME_LEN - 1)*4 + 1];
5350 int netbios_name_type;
5351 int netbios_name_len = (NETBIOS_NAME_LEN - 1)*4 + 1;
5352
5353 netbios_name_type = process_netbios_name(tvb_get_ptr(tvb, offset, 16), netbios_name, netbios_name_len);
5354 address_str = wmem_strdup_printf(actx->pinfo->pool, "%s<%02x>", netbios_name, netbios_name_type);
5355 it=proto_tree_add_string_format(tree, hf_krb_address_netbios, tvb, offset, 16, netbios_name, "NetBIOS Name: %s (%s)", address_str, netbios_name_type_descr(netbios_name_type));
5356 }
5357 break;
5358 case KERBEROS_ADDR_TYPE_IPV6:
5359 it=proto_tree_add_item(tree, hf_krb_address_ipv6, tvb, offset, INET6_ADDRLEN, ENC_NA);
5360 address_str = tvb_ip6_to_str(actx->pinfo->pool, tvb, offset);
5361 break;
5362 default:
5363 proto_tree_add_expert(tree, actx->pinfo, &ei_kerberos_address, tvb, offset, len);
5364 address_str = NULL;
5365 break;
5366 }
5367
5368 /* push it up two levels in the decode pane */
5369 if(it && address_str){
5370 proto_item_append_text(proto_item_get_parent(it), " %s",address_str);
5371 proto_item_append_text(proto_item_get_parent_nth(it, 2), " %s",address_str);
5372 }
5373
5374 offset+=len;
5375
5376
5377
5378
5379 return offset;
5380 }
5381
5382
5383 static const ber_sequence_t HostAddress_sequence[] = {
5384 { &hf_kerberos_addr_type , BER_CLASS_CON, 0, 0, dissect_kerberos_ADDR_TYPE },
5385 { &hf_kerberos_address , BER_CLASS_CON, 1, 0, dissect_kerberos_T_address },
5386 { NULL, 0, 0, 0, NULL }
5387 };
5388
5389 static int
5390 dissect_kerberos_HostAddress(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5391 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
5392 HostAddress_sequence, hf_index, ett_kerberos_HostAddress);
5393
5394 return offset;
5395 }
5396
5397
5398 static const ber_sequence_t HostAddresses_sequence_of[1] = {
5399 { &hf_kerberos_HostAddresses_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_HostAddress },
5400 };
5401
5402 static int
5403 dissect_kerberos_HostAddresses(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5404 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
5405 HostAddresses_sequence_of, hf_index, ett_kerberos_HostAddresses);
5406
5407 return offset;
5408 }
5409
5410
5411 static const ber_sequence_t EncTicketPart_U_sequence[] = {
5412 { &hf_kerberos_flags , BER_CLASS_CON, 0, 0, dissect_kerberos_TicketFlags },
5413 { &hf_kerberos_encTicketPart_key, BER_CLASS_CON, 1, 0, dissect_kerberos_T_encTicketPart_key },
5414 { &hf_kerberos_crealm , BER_CLASS_CON, 2, 0, dissect_kerberos_Realm },
5415 { &hf_kerberos_cname , BER_CLASS_CON, 3, 0, dissect_kerberos_CName },
5416 { &hf_kerberos_transited , BER_CLASS_CON, 4, 0, dissect_kerberos_TransitedEncoding },
5417 { &hf_kerberos_authtime , BER_CLASS_CON, 5, 0, dissect_kerberos_KerberosTime },
5418 { &hf_kerberos_starttime , BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
5419 { &hf_kerberos_endtime , BER_CLASS_CON, 7, 0, dissect_kerberos_KerberosTime },
5420 { &hf_kerberos_renew_till , BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
5421 { &hf_kerberos_caddr , BER_CLASS_CON, 9, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddresses },
5422 { &hf_kerberos_authorization_data, BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL, dissect_kerberos_AuthorizationData },
5423 { NULL, 0, 0, 0, NULL }
5424 };
5425
5426 static int
5427 dissect_kerberos_EncTicketPart_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5428 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
5429 EncTicketPart_U_sequence, hf_index, ett_kerberos_EncTicketPart_U);
5430
5431 return offset;
5432 }
5433
5434
5435
5436 static int
5437 dissect_kerberos_EncTicketPart(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5438 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
5439 hf_index, BER_CLASS_APP, 3, FALSE, dissect_kerberos_EncTicketPart_U);
5440
5441 return offset;
5442 }
5443
5444
5445 static const value_string kerberos_MESSAGE_TYPE_vals[] = {
5446 { 10, "krb-as-req" },
5447 { 11, "krb-as-rep" },
5448 { 12, "krb-tgs-req" },
5449 { 13, "krb-tgs-rep" },
5450 { 14, "krb-ap-req" },
5451 { 15, "krb-ap-rep" },
5452 { 16, "krb-tgt-req" },
5453 { 17, "krb-tgt-rep" },
5454 { 20, "krb-safe" },
5455 { 21, "krb-priv" },
5456 { 22, "krb-cred" },
5457 { 30, "krb-error" },
5458 { 0, NULL }
5459 };
5460
5461
5462 static int
5463 dissect_kerberos_MESSAGE_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5464 #line 100 "./asn1/kerberos/kerberos.cnf"
5465 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
5466 guint32 msgtype;
5467
5468 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
5469 &msgtype);
5470
5471
5472
5473
5474 #line 106 "./asn1/kerberos/kerberos.cnf"
5475 if (gbl_do_col_info) {
5476 col_add_str(actx->pinfo->cinfo, COL_INFO,
5477 val_to_str(msgtype, krb5_msg_types,
5478 "Unknown msg type %#x"));
5479 }
5480 gbl_do_col_info=FALSE;
5481
5482 #if 0
5483 /* append the application type to the tree */
5484 proto_item_append_text(tree, " %s", val_to_str(msgtype, krb5_msg_types, "Unknown:0x%x"));
5485 #endif
5486 if (private_data->msg_type == 0) {
5487 private_data->msg_type = msgtype;
5488 }
5489
5490
5491 return offset;
5492 }
5493
5494
5495 static const value_string kerberos_PADATA_TYPE_vals[] = {
5496 { KERBEROS_PA_NONE, "pA-NONE" },
5497 { KERBEROS_PA_TGS_REQ, "pA-TGS-REQ" },
5498 { KERBEROS_PA_ENC_TIMESTAMP, "pA-ENC-TIMESTAMP" },
5499 { KERBEROS_PA_PW_SALT, "pA-PW-SALT" },
5500 { KERBEROS_PA_ENC_UNIX_TIME, "pA-ENC-UNIX-TIME" },
5501 { KERBEROS_PA_SANDIA_SECUREID, "pA-SANDIA-SECUREID" },
5502 { KERBEROS_PA_SESAME, "pA-SESAME" },
5503 { KERBEROS_PA_OSF_DCE, "pA-OSF-DCE" },
5504 { KERBEROS_PA_CYBERSAFE_SECUREID, "pA-CYBERSAFE-SECUREID" },
5505 { KERBEROS_PA_AFS3_SALT, "pA-AFS3-SALT" },
5506 { KERBEROS_PA_ETYPE_INFO, "pA-ETYPE-INFO" },
5507 { KERBEROS_PA_SAM_CHALLENGE, "pA-SAM-CHALLENGE" },
5508 { KERBEROS_PA_SAM_RESPONSE, "pA-SAM-RESPONSE" },
5509 { KERBEROS_PA_PK_AS_REQ_19, "pA-PK-AS-REQ-19" },
5510 { KERBEROS_PA_PK_AS_REP_19, "pA-PK-AS-REP-19" },
5511 { KERBEROS_PA_PK_AS_REQ, "pA-PK-AS-REQ" },
5512 { KERBEROS_PA_PK_AS_REP, "pA-PK-AS-REP" },
5513 { KERBEROS_PA_PK_OCSP_RESPONSE, "pA-PK-OCSP-RESPONSE" },
5514 { KERBEROS_PA_ETYPE_INFO2, "pA-ETYPE-INFO2" },
5515 { KERBEROS_PA_USE_SPECIFIED_KVNO, "pA-USE-SPECIFIED-KVNO" },
5516 { KERBEROS_PA_SAM_REDIRECT, "pA-SAM-REDIRECT" },
5517 { KERBEROS_PA_GET_FROM_TYPED_DATA, "pA-GET-FROM-TYPED-DATA" },
5518 { KERBEROS_TD_PADATA, "tD-PADATA" },
5519 { KERBEROS_PA_SAM_ETYPE_INFO, "pA-SAM-ETYPE-INFO" },
5520 { KERBEROS_PA_ALT_PRINC, "pA-ALT-PRINC" },
5521 { KERBEROS_PA_SERVER_REFERRAL, "pA-SERVER-REFERRAL" },
5522 { KERBEROS_PA_SAM_CHALLENGE2, "pA-SAM-CHALLENGE2" },
5523 { KERBEROS_PA_SAM_RESPONSE2, "pA-SAM-RESPONSE2" },
5524 { KERBEROS_PA_EXTRA_TGT, "pA-EXTRA-TGT" },
5525 { KERBEROS_TD_PKINIT_CMS_CERTIFICATES, "tD-PKINIT-CMS-CERTIFICATES" },
5526 { KERBEROS_TD_KRB_PRINCIPAL, "tD-KRB-PRINCIPAL" },
5527 { KERBEROS_TD_KRB_REALM, "tD-KRB-REALM" },
5528 { KERBEROS_TD_TRUSTED_CERTIFIERS, "tD-TRUSTED-CERTIFIERS" },
5529 { KERBEROS_TD_CERTIFICATE_INDEX, "tD-CERTIFICATE-INDEX" },
5530 { KERBEROS_TD_APP_DEFINED_ERROR, "tD-APP-DEFINED-ERROR" },
5531 { KERBEROS_TD_REQ_NONCE, "tD-REQ-NONCE" },
5532 { KERBEROS_TD_REQ_SEQ, "tD-REQ-SEQ" },
5533 { KERBEROS_TD_DH_PARAMETERS, "tD-DH-PARAMETERS" },
5534 { KERBEROS_TD_CMS_DIGEST_ALGORITHMS, "tD-CMS-DIGEST-ALGORITHMS" },
5535 { KERBEROS_TD_CERT_DIGEST_ALGORITHMS, "tD-CERT-DIGEST-ALGORITHMS" },
5536 { KERBEROS_PA_PAC_REQUEST, "pA-PAC-REQUEST" },
5537 { KERBEROS_PA_FOR_USER, "pA-FOR-USER" },
5538 { KERBEROS_PA_FOR_X509_USER, "pA-FOR-X509-USER" },
5539 { KERBEROS_PA_FOR_CHECK_DUPS, "pA-FOR-CHECK-DUPS" },
5540 { KERBEROS_PA_PK_AS_09_BINDING, "pA-PK-AS-09-BINDING" },
5541 { KERBEROS_PA_FX_COOKIE, "pA-FX-COOKIE" },
5542 { KERBEROS_PA_AUTHENTICATION_SET, "pA-AUTHENTICATION-SET" },
5543 { KERBEROS_PA_AUTH_SET_SELECTED, "pA-AUTH-SET-SELECTED" },
5544 { KERBEROS_PA_FX_FAST, "pA-FX-FAST" },
5545 { KERBEROS_PA_FX_ERROR, "pA-FX-ERROR" },
5546 { KERBEROS_PA_ENCRYPTED_CHALLENGE, "pA-ENCRYPTED-CHALLENGE" },
5547 { KERBEROS_PA_OTP_CHALLENGE, "pA-OTP-CHALLENGE" },
5548 { KERBEROS_PA_OTP_REQUEST, "pA-OTP-REQUEST" },
5549 { KERBEROS_PA_OTP_CONFIRM, "pA-OTP-CONFIRM" },
5550 { KERBEROS_PA_OTP_PIN_CHANGE, "pA-OTP-PIN-CHANGE" },
5551 { KERBEROS_PA_EPAK_AS_REQ, "pA-EPAK-AS-REQ" },
5552 { KERBEROS_PA_EPAK_AS_REP, "pA-EPAK-AS-REP" },
5553 { KERBEROS_PA_PKINIT_KX, "pA-PKINIT-KX" },
5554 { KERBEROS_PA_PKU2U_NAME, "pA-PKU2U-NAME" },
5555 { KERBEROS_PA_REQ_ENC_PA_REP, "pA-REQ-ENC-PA-REP" },
5556 { KERBEROS_PA_SPAKE, "pA-SPAKE" },
5557 { KERBEROS_PA_KERB_KEY_LIST_REQ, "pA-KERB-KEY-LIST-REQ" },
5558 { KERBEROS_PA_KERB_KEY_LIST_REP, "pA-KERB-KEY-LIST-REP" },
5559 { KERBEROS_PA_SUPPORTED_ETYPES, "pA-SUPPORTED-ETYPES" },
5560 { KERBEROS_PA_EXTENDED_ERROR, "pA-EXTENDED-ERROR" },
5561 { KERBEROS_PA_PAC_OPTIONS, "pA-PAC-OPTIONS" },
5562 { KERBEROS_PA_PROV_SRV_LOCATION, "pA-PROV-SRV-LOCATION" },
5563 { 0, NULL }
5564 };
5565
5566
5567 static int
5568 dissect_kerberos_PADATA_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5569 #line 165 "./asn1/kerberos/kerberos.cnf"
5570 kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
5571 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
5572 &(private_data->padata_type));
5573
5574
5575
5576 #line 168 "./asn1/kerberos/kerberos.cnf"
5577 if(tree){
5578 proto_item_append_text(tree, " %s",
5579 val_to_str(private_data->padata_type, kerberos_PADATA_TYPE_vals,
5580 "Unknown:%d"));
5581 }
5582
5583
5584 return offset;
5585 }
5586
5587
5588
5589 static int
5590 dissect_kerberos_T_padata_value(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5591 #line 175 "./asn1/kerberos/kerberos.cnf"
5592 proto_tree *sub_tree=tree;
5593 kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
5594
5595 if(actx->created_item){
5596 sub_tree=proto_item_add_subtree(actx->created_item, ett_kerberos_PA_DATA);
5597 }
5598
5599 switch(private_data->padata_type){
5600 case KERBEROS_PA_TGS_REQ:
5601 private_data->within_PA_TGS_REQ++;
5602 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Applications);
5603 private_data->within_PA_TGS_REQ--;
5604 break;
5605 case KERBEROS_PA_PK_AS_REP_19:
5606 private_data->is_win2k_pkinit = TRUE;
5607 if (kerberos_private_is_kdc_req(private_data)) {
5608 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PA_PK_AS_REQ_Win2k);
5609 } else {
5610 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PA_PK_AS_REP_Win2k);
5611 }
5612 break;
5613 case KERBEROS_PA_PK_AS_REQ:
5614 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PaPkAsReq);
5615 break;
5616 case KERBEROS_PA_PK_AS_REP:
5617 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PaPkAsRep);
5618 break;
5619 case KERBEROS_PA_PAC_REQUEST:
5620 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_PAC_REQUEST);
5621 break;
5622 case KERBEROS_PA_FOR_USER: /* S4U2SELF */
5623 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_S4U2Self);
5624 break;
5625 case KERBEROS_PA_FOR_X509_USER:
5626 if(private_data->msg_type == KRB5_MSG_AS_REQ){
5627 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_x509af_Certificate);
5628 }else if(private_data->is_enc_padata){
5629 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, NULL);
5630 }else{
5631 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_S4U_X509_USER);
5632 }
5633 break;
5634 case KERBEROS_PA_PROV_SRV_LOCATION:
5635 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_krb5_PA_PROV_SRV_LOCATION);
5636 break;
5637 case KERBEROS_PA_ENC_TIMESTAMP:
5638 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_ENC_TIMESTAMP);
5639 break;
5640 case KERBEROS_PA_ETYPE_INFO:
5641 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_ETYPE_INFO);
5642 break;
5643 case KERBEROS_PA_ETYPE_INFO2:
5644 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_ETYPE_INFO2);
5645 break;
5646 case KERBEROS_PA_PW_SALT:
5647 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_krb5_PW_SALT);
5648 break;
5649 case KERBEROS_PA_AUTH_SET_SELECTED:
5650 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_AUTHENTICATION_SET_ELEM);
5651 break;
5652 case KERBEROS_PA_FX_FAST:
5653 if (kerberos_private_is_kdc_req(private_data)) {
5654 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_FX_FAST_REQUEST);
5655 }else{
5656 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_FX_FAST_REPLY);
5657 }
5658 break;
5659 case KERBEROS_PA_FX_ERROR:
5660 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Applications);
5661 break;
5662 case KERBEROS_PA_ENCRYPTED_CHALLENGE:
5663 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_EncryptedChallenge);
5664 break;
5665 case KERBEROS_PA_KERB_KEY_LIST_REQ:
5666 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset, hf_index, dissect_kerberos_PA_KERB_KEY_LIST_REQ);
5667 break;
5668 case KERBEROS_PA_KERB_KEY_LIST_REP:
5669 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset, hf_index, dissect_kerberos_PA_KERB_KEY_LIST_REP);
5670 break;
5671 case KERBEROS_PA_SUPPORTED_ETYPES:
5672 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_SUPPORTED_ENCTYPES);
5673 break;
5674 case KERBEROS_PA_PAC_OPTIONS:
5675 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset, hf_index, dissect_kerberos_PA_PAC_OPTIONS);
5676 break;
5677 case KERBEROS_PA_REQ_ENC_PA_REP:
5678 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Checksum);
5679 break;
5680 case KERBEROS_PA_SPAKE:
5681 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_SPAKE);
5682 break;
5683 default:
5684 offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, NULL);
5685 break;
5686 }
5687
5688
5689
5690 return offset;
5691 }
5692
5693
5694 static const ber_sequence_t PA_DATA_sequence[] = {
5695 { &hf_kerberos_padata_type, BER_CLASS_CON, 1, 0, dissect_kerberos_PADATA_TYPE },
5696 { &hf_kerberos_padata_value, BER_CLASS_CON, 2, 0, dissect_kerberos_T_padata_value },
5697 { NULL, 0, 0, 0, NULL }
5698 };
5699
5700 static int
5701 dissect_kerberos_PA_DATA(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5702 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
5703 PA_DATA_sequence, hf_index, ett_kerberos_PA_DATA);
5704
5705 return offset;
5706 }
5707
5708
5709 static const ber_sequence_t SEQUENCE_OF_PA_DATA_sequence_of[1] = {
5710 { &hf_kerberos_padata_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_PA_DATA },
5711 };
5712
5713 static int
5714 dissect_kerberos_SEQUENCE_OF_PA_DATA(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5715 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
5716 SEQUENCE_OF_PA_DATA_sequence_of, hf_index, ett_kerberos_SEQUENCE_OF_PA_DATA);
5717
5718 return offset;
5719 }
5720
5721
5722 static int * const KDCOptions_bits[] = {
5723 &hf_kerberos_KDCOptions_reserved,
5724 &hf_kerberos_KDCOptions_forwardable,
5725 &hf_kerberos_KDCOptions_forwarded,
5726 &hf_kerberos_KDCOptions_proxiable,
5727 &hf_kerberos_KDCOptions_proxy,
5728 &hf_kerberos_KDCOptions_allow_postdate,
5729 &hf_kerberos_KDCOptions_postdated,
5730 &hf_kerberos_KDCOptions_unused7,
5731 &hf_kerberos_KDCOptions_renewable,
5732 &hf_kerberos_KDCOptions_unused9,
5733 &hf_kerberos_KDCOptions_unused10,
5734 &hf_kerberos_KDCOptions_opt_hardware_auth,
5735 &hf_kerberos_KDCOptions_unused12,
5736 &hf_kerberos_KDCOptions_unused13,
5737 &hf_kerberos_KDCOptions_constrained_delegation,
5738 &hf_kerberos_KDCOptions_canonicalize,
5739 &hf_kerberos_KDCOptions_request_anonymous,
5740 &hf_kerberos_KDCOptions_unused17,
5741 &hf_kerberos_KDCOptions_unused18,
5742 &hf_kerberos_KDCOptions_unused19,
5743 &hf_kerberos_KDCOptions_unused20,
5744 &hf_kerberos_KDCOptions_unused21,
5745 &hf_kerberos_KDCOptions_unused22,
5746 &hf_kerberos_KDCOptions_unused23,
5747 &hf_kerberos_KDCOptions_unused24,
5748 &hf_kerberos_KDCOptions_unused25,
5749 &hf_kerberos_KDCOptions_disable_transited_check,
5750 &hf_kerberos_KDCOptions_renewable_ok,
5751 &hf_kerberos_KDCOptions_enc_tkt_in_skey,
5752 &hf_kerberos_KDCOptions_unused29,
5753 &hf_kerberos_KDCOptions_renew,
5754 &hf_kerberos_KDCOptions_validate,
5755 NULL
5756 };
5757
5758 static int
5759 dissect_kerberos_KDCOptions(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5760 offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset,
5761 KDCOptions_bits, 32, hf_index, ett_kerberos_KDCOptions,
5762 NULL);
5763
5764 return offset;
5765 }
5766
5767
5768 static const ber_sequence_t SEQUENCE_OF_ENCTYPE_sequence_of[1] = {
5769 { &hf_kerberos_kDC_REQ_BODY_etype_item, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_kerberos_ENCTYPE },
5770 };
5771
5772 static int
5773 dissect_kerberos_SEQUENCE_OF_ENCTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5774 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
5775 SEQUENCE_OF_ENCTYPE_sequence_of, hf_index, ett_kerberos_SEQUENCE_OF_ENCTYPE);
5776
5777 return offset;
5778 }
5779
5780
5781
5782 static int
5783 dissect_kerberos_T_encryptedAuthorizationData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5784 #line 334 "./asn1/kerberos/kerberos.cnf"
5785 #ifdef HAVE_KERBEROS
5786 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_authorization_data);
5787 #else
5788 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
5789 NULL);
5790
5791 #endif
5792
5793
5794
5795 return offset;
5796 }
5797
5798
5799 static const ber_sequence_t EncryptedAuthorizationData_sequence[] = {
5800 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
5801 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
5802 { &hf_kerberos_encryptedAuthorizationData_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedAuthorizationData_cipher },
5803 { NULL, 0, 0, 0, NULL }
5804 };
5805
5806 static int
5807 dissect_kerberos_EncryptedAuthorizationData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5808 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
5809 EncryptedAuthorizationData_sequence, hf_index, ett_kerberos_EncryptedAuthorizationData);
5810
5811 return offset;
5812 }
5813
5814
5815 static const ber_sequence_t SEQUENCE_OF_Ticket_sequence_of[1] = {
5816 { &hf_kerberos_additional_tickets_item, BER_CLASS_APP, 1, BER_FLAGS_NOOWNTAG, dissect_kerberos_Ticket },
5817 };
5818
5819 static int
5820 dissect_kerberos_SEQUENCE_OF_Ticket(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5821 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
5822 SEQUENCE_OF_Ticket_sequence_of, hf_index, ett_kerberos_SEQUENCE_OF_Ticket);
5823
5824 return offset;
5825 }
5826
5827
5828 static const ber_sequence_t KDC_REQ_BODY_sequence[] = {
5829 { &hf_kerberos_kdc_options, BER_CLASS_CON, 0, 0, dissect_kerberos_KDCOptions },
5830 { &hf_kerberos_cname , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_CName },
5831 { &hf_kerberos_realm , BER_CLASS_CON, 2, 0, dissect_kerberos_Realm },
5832 { &hf_kerberos_sname , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_SName },
5833 { &hf_kerberos_from , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
5834 { &hf_kerberos_till , BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
5835 { &hf_kerberos_rtime , BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
5836 { &hf_kerberos_nonce , BER_CLASS_CON, 7, 0, dissect_kerberos_UInt32 },
5837 { &hf_kerberos_kDC_REQ_BODY_etype, BER_CLASS_CON, 8, 0, dissect_kerberos_SEQUENCE_OF_ENCTYPE },
5838 { &hf_kerberos_addresses , BER_CLASS_CON, 9, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddresses },
5839 { &hf_kerberos_enc_authorization_data, BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL, dissect_kerberos_EncryptedAuthorizationData },
5840 { &hf_kerberos_additional_tickets, BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL, dissect_kerberos_SEQUENCE_OF_Ticket },
5841 { NULL, 0, 0, 0, NULL }
5842 };
5843
5844 static int
5845 dissect_kerberos_KDC_REQ_BODY(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5846 #line 566 "./asn1/kerberos/kerberos.cnf"
5847 conversation_t *conversation;
5848
5849 /*
5850 * UDP replies to KDC_REQs are sent from the server back to the client's
5851 * source port, similar to the way TFTP works. Set up a conversation
5852 * accordingly.
5853 *
5854 * Ref: Section 7.2.1 of
5855 * http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-clarifications-07.txt
5856 */
5857 if (actx->pinfo->destport == UDP_PORT_KERBEROS && actx->pinfo->ptype == PT_UDP) {
5858 conversation = find_conversation(actx->pinfo->num, &actx->pinfo->src, &actx->pinfo->dst, ENDPOINT_UDP,
5859 actx->pinfo->srcport, 0, NO_PORT_B);
5860 if (conversation == NULL) {
5861 conversation = conversation_new(actx->pinfo->num, &actx->pinfo->src, &actx->pinfo->dst, ENDPOINT_UDP,
5862 actx->pinfo->srcport, 0, NO_PORT2);
5863 conversation_set_dissector(conversation, kerberos_handle_udp);
5864 }
5865 }
5866
5867 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
5868 KDC_REQ_BODY_sequence, hf_index, ett_kerberos_KDC_REQ_BODY);
5869
5870
5871
5872
5873 return offset;
5874 }
5875
5876
5877 static const ber_sequence_t KDC_REQ_sequence[] = {
5878 { &hf_kerberos_pvno , BER_CLASS_CON, 1, 0, dissect_kerberos_INTEGER_5 },
5879 { &hf_kerberos_msg_type , BER_CLASS_CON, 2, 0, dissect_kerberos_MESSAGE_TYPE },
5880 { &hf_kerberos_padata , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_SEQUENCE_OF_PA_DATA },
5881 { &hf_kerberos_req_body , BER_CLASS_CON, 4, 0, dissect_kerberos_KDC_REQ_BODY },
5882 { NULL, 0, 0, 0, NULL }
5883 };
5884
5885 static int
5886 dissect_kerberos_KDC_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5887 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
5888 KDC_REQ_sequence, hf_index, ett_kerberos_KDC_REQ);
5889
5890 return offset;
5891 }
5892
5893
5894
5895 static int
5896 dissect_kerberos_AS_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5897 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
5898 hf_index, BER_CLASS_APP, 10, FALSE, dissect_kerberos_KDC_REQ);
5899
5900 return offset;
5901 }
5902
5903
5904
5905 static int
5906 dissect_kerberos_T_encryptedKDCREPData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5907 #line 348 "./asn1/kerberos/kerberos.cnf"
5908 #ifdef HAVE_KERBEROS
5909 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KDC_REP_data);
5910 #else
5911 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
5912 NULL);
5913
5914 #endif
5915
5916
5917
5918 return offset;
5919 }
5920
5921
5922 static const ber_sequence_t EncryptedKDCREPData_sequence[] = {
5923 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
5924 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
5925 { &hf_kerberos_encryptedKDCREPData_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedKDCREPData_cipher },
5926 { NULL, 0, 0, 0, NULL }
5927 };
5928
5929 static int
5930 dissect_kerberos_EncryptedKDCREPData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5931 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
5932 EncryptedKDCREPData_sequence, hf_index, ett_kerberos_EncryptedKDCREPData);
5933
5934 return offset;
5935 }
5936
5937
5938 static const ber_sequence_t KDC_REP_sequence[] = {
5939 { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
5940 { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE },
5941 { &hf_kerberos_padata , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_SEQUENCE_OF_PA_DATA },
5942 { &hf_kerberos_crealm , BER_CLASS_CON, 3, 0, dissect_kerberos_Realm },
5943 { &hf_kerberos_cname , BER_CLASS_CON, 4, 0, dissect_kerberos_CName },
5944 { &hf_kerberos_ticket , BER_CLASS_CON, 5, 0, dissect_kerberos_Ticket },
5945 { &hf_kerberos_kDC_REP_enc_part, BER_CLASS_CON, 6, 0, dissect_kerberos_EncryptedKDCREPData },
5946 { NULL, 0, 0, 0, NULL }
5947 };
5948
5949 static int
5950 dissect_kerberos_KDC_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5951 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
5952 KDC_REP_sequence, hf_index, ett_kerberos_KDC_REP);
5953
5954 return offset;
5955 }
5956
5957
5958
5959 static int
5960 dissect_kerberos_AS_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5961 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
5962 hf_index, BER_CLASS_APP, 11, FALSE, dissect_kerberos_KDC_REP);
5963
5964 return offset;
5965 }
5966
5967
5968
5969 static int
5970 dissect_kerberos_TGS_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5971 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
5972 hf_index, BER_CLASS_APP, 12, FALSE, dissect_kerberos_KDC_REQ);
5973
5974 return offset;
5975 }
5976
5977
5978
5979 static int
5980 dissect_kerberos_TGS_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5981 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
5982 hf_index, BER_CLASS_APP, 13, FALSE, dissect_kerberos_KDC_REP);
5983
5984 return offset;
5985 }
5986
5987
5988 static int * const APOptions_bits[] = {
5989 &hf_kerberos_APOptions_reserved,
5990 &hf_kerberos_APOptions_use_session_key,
5991 &hf_kerberos_APOptions_mutual_required,
5992 NULL
5993 };
5994
5995 static int
5996 dissect_kerberos_APOptions(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
5997 offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset,
5998 APOptions_bits, 3, hf_index, ett_kerberos_APOptions,
5999 NULL);
6000
6001 return offset;
6002 }
6003
6004
6005
6006 static int
6007 dissect_kerberos_T_encryptedAuthenticator_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6008 #line 341 "./asn1/kerberos/kerberos.cnf"
6009 #ifdef HAVE_KERBEROS
6010 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_authenticator_data);
6011 #else
6012 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
6013 NULL);
6014
6015 #endif
6016
6017
6018
6019 return offset;
6020 }
6021
6022
6023 static const ber_sequence_t EncryptedAuthenticator_sequence[] = {
6024 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
6025 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
6026 { &hf_kerberos_encryptedAuthenticator_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedAuthenticator_cipher },
6027 { NULL, 0, 0, 0, NULL }
6028 };
6029
6030 static int
6031 dissect_kerberos_EncryptedAuthenticator(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6032 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6033 EncryptedAuthenticator_sequence, hf_index, ett_kerberos_EncryptedAuthenticator);
6034
6035 return offset;
6036 }
6037
6038
6039 static const ber_sequence_t AP_REQ_U_sequence[] = {
6040 { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
6041 { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE },
6042 { &hf_kerberos_ap_options , BER_CLASS_CON, 2, 0, dissect_kerberos_APOptions },
6043 { &hf_kerberos_ticket , BER_CLASS_CON, 3, 0, dissect_kerberos_Ticket },
6044 { &hf_kerberos_authenticator_enc_part, BER_CLASS_CON, 4, 0, dissect_kerberos_EncryptedAuthenticator },
6045 { NULL, 0, 0, 0, NULL }
6046 };
6047
6048 static int
6049 dissect_kerberos_AP_REQ_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6050 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6051 AP_REQ_U_sequence, hf_index, ett_kerberos_AP_REQ_U);
6052
6053 return offset;
6054 }
6055
6056
6057
6058 static int
6059 dissect_kerberos_AP_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6060 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
6061 hf_index, BER_CLASS_APP, 14, FALSE, dissect_kerberos_AP_REQ_U);
6062
6063 return offset;
6064 }
6065
6066
6067
6068 static int
6069 dissect_kerberos_T_encryptedAPREPData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6070 #line 362 "./asn1/kerberos/kerberos.cnf"
6071 #ifdef HAVE_KERBEROS
6072 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_AP_REP_data);
6073 #else
6074 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
6075 NULL);
6076
6077 #endif
6078
6079
6080
6081 return offset;
6082 }
6083
6084
6085 static const ber_sequence_t EncryptedAPREPData_sequence[] = {
6086 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
6087 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
6088 { &hf_kerberos_encryptedAPREPData_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedAPREPData_cipher },
6089 { NULL, 0, 0, 0, NULL }
6090 };
6091
6092 static int
6093 dissect_kerberos_EncryptedAPREPData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6094 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6095 EncryptedAPREPData_sequence, hf_index, ett_kerberos_EncryptedAPREPData);
6096
6097 return offset;
6098 }
6099
6100
6101 static const ber_sequence_t AP_REP_U_sequence[] = {
6102 { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
6103 { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE },
6104 { &hf_kerberos_aP_REP_enc_part, BER_CLASS_CON, 2, 0, dissect_kerberos_EncryptedAPREPData },
6105 { NULL, 0, 0, 0, NULL }
6106 };
6107
6108 static int
6109 dissect_kerberos_AP_REP_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6110 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6111 AP_REP_U_sequence, hf_index, ett_kerberos_AP_REP_U);
6112
6113 return offset;
6114 }
6115
6116
6117
6118 static int
6119 dissect_kerberos_AP_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6120 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
6121 hf_index, BER_CLASS_APP, 15, FALSE, dissect_kerberos_AP_REP_U);
6122
6123 return offset;
6124 }
6125
6126
6127
6128 static int
6129 dissect_kerberos_T_kRB_SAFE_BODY_user_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6130 #line 589 "./asn1/kerberos/kerberos.cnf"
6131 kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
6132 tvbuff_t *new_tvb;
6133 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb);
6134 if (new_tvb) {
6135 call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_SAFE_USER_DATA, private_data->callbacks);
6136 }
6137
6138
6139
6140 return offset;
6141 }
6142
6143
6144 static const ber_sequence_t KRB_SAFE_BODY_sequence[] = {
6145 { &hf_kerberos_kRB_SAFE_BODY_user_data, BER_CLASS_CON, 0, 0, dissect_kerberos_T_kRB_SAFE_BODY_user_data },
6146 { &hf_kerberos_timestamp , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
6147 { &hf_kerberos_usec , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_Microseconds },
6148 { &hf_kerberos_seq_number , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
6149 { &hf_kerberos_s_address , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddress },
6150 { &hf_kerberos_r_address , BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddress },
6151 { NULL, 0, 0, 0, NULL }
6152 };
6153
6154 static int
6155 dissect_kerberos_KRB_SAFE_BODY(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6156 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6157 KRB_SAFE_BODY_sequence, hf_index, ett_kerberos_KRB_SAFE_BODY);
6158
6159 return offset;
6160 }
6161
6162
6163 static const ber_sequence_t KRB_SAFE_U_sequence[] = {
6164 { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
6165 { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE },
6166 { &hf_kerberos_safe_body , BER_CLASS_CON, 2, 0, dissect_kerberos_KRB_SAFE_BODY },
6167 { &hf_kerberos_cksum , BER_CLASS_CON, 3, 0, dissect_kerberos_Checksum },
6168 { NULL, 0, 0, 0, NULL }
6169 };
6170
6171 static int
6172 dissect_kerberos_KRB_SAFE_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6173 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6174 KRB_SAFE_U_sequence, hf_index, ett_kerberos_KRB_SAFE_U);
6175
6176 return offset;
6177 }
6178
6179
6180
6181 static int
6182 dissect_kerberos_KRB_SAFE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6183 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
6184 hf_index, BER_CLASS_APP, 20, FALSE, dissect_kerberos_KRB_SAFE_U);
6185
6186 return offset;
6187 }
6188
6189
6190
6191 static int
6192 dissect_kerberos_T_encryptedKrbPrivData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6193 #line 369 "./asn1/kerberos/kerberos.cnf"
6194 #ifdef HAVE_KERBEROS
6195 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PRIV_data);
6196 #else
6197 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
6198 NULL);
6199
6200 #endif
6201
6202
6203
6204 return offset;
6205 }
6206
6207
6208 static const ber_sequence_t EncryptedKrbPrivData_sequence[] = {
6209 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
6210 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
6211 { &hf_kerberos_encryptedKrbPrivData_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedKrbPrivData_cipher },
6212 { NULL, 0, 0, 0, NULL }
6213 };
6214
6215 static int
6216 dissect_kerberos_EncryptedKrbPrivData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6217 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6218 EncryptedKrbPrivData_sequence, hf_index, ett_kerberos_EncryptedKrbPrivData);
6219
6220 return offset;
6221 }
6222
6223
6224 static const ber_sequence_t KRB_PRIV_U_sequence[] = {
6225 { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
6226 { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE },
6227 { &hf_kerberos_kRB_PRIV_enc_part, BER_CLASS_CON, 3, 0, dissect_kerberos_EncryptedKrbPrivData },
6228 { NULL, 0, 0, 0, NULL }
6229 };
6230
6231 static int
6232 dissect_kerberos_KRB_PRIV_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6233 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6234 KRB_PRIV_U_sequence, hf_index, ett_kerberos_KRB_PRIV_U);
6235
6236 return offset;
6237 }
6238
6239
6240
6241 static int
6242 dissect_kerberos_KRB_PRIV(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6243 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
6244 hf_index, BER_CLASS_APP, 21, FALSE, dissect_kerberos_KRB_PRIV_U);
6245
6246 return offset;
6247 }
6248
6249
6250
6251 static int
6252 dissect_kerberos_T_encryptedKrbCredData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6253 #line 376 "./asn1/kerberos/kerberos.cnf"
6254 #ifdef HAVE_KERBEROS
6255 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_CRED_data);
6256 #else
6257 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
6258 NULL);
6259
6260 #endif
6261
6262
6263
6264 return offset;
6265 }
6266
6267
6268 static const ber_sequence_t EncryptedKrbCredData_sequence[] = {
6269 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
6270 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
6271 { &hf_kerberos_encryptedKrbCredData_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedKrbCredData_cipher },
6272 { NULL, 0, 0, 0, NULL }
6273 };
6274
6275 static int
6276 dissect_kerberos_EncryptedKrbCredData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6277 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6278 EncryptedKrbCredData_sequence, hf_index, ett_kerberos_EncryptedKrbCredData);
6279
6280 return offset;
6281 }
6282
6283
6284 static const ber_sequence_t KRB_CRED_U_sequence[] = {
6285 { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
6286 { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE },
6287 { &hf_kerberos_tickets , BER_CLASS_CON, 2, 0, dissect_kerberos_SEQUENCE_OF_Ticket },
6288 { &hf_kerberos_kRB_CRED_enc_part, BER_CLASS_CON, 3, 0, dissect_kerberos_EncryptedKrbCredData },
6289 { NULL, 0, 0, 0, NULL }
6290 };
6291
6292 static int
6293 dissect_kerberos_KRB_CRED_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6294 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6295 KRB_CRED_U_sequence, hf_index, ett_kerberos_KRB_CRED_U);
6296
6297 return offset;
6298 }
6299
6300
6301
6302 static int
6303 dissect_kerberos_KRB_CRED(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6304 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
6305 hf_index, BER_CLASS_APP, 22, FALSE, dissect_kerberos_KRB_CRED_U);
6306
6307 return offset;
6308 }
6309
6310
6311
6312 static int
6313 dissect_kerberos_T_encKDCRepPart_key(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6314 #line 468 "./asn1/kerberos/kerberos.cnf"
6315 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
6316 gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
6317 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
6318 switch (private_data->msg_type) {
6319 case KERBEROS_APPLICATIONS_AS_REP:
6320 private_data->save_encryption_key_parent_hf_index = hf_kerberos_encASRepPart;
6321 break;
6322 case KERBEROS_APPLICATIONS_TGS_REP:
6323 private_data->save_encryption_key_parent_hf_index = hf_kerberos_encTGSRepPart;
6324 break;
6325 default:
6326 private_data->save_encryption_key_parent_hf_index = -1;
6327 }
6328 #ifdef HAVE_KERBEROS
6329 private_data->save_encryption_key_fn = save_EncKDCRepPart_key;
6330 #endif
6331 offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index);
6332
6333 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
6334 private_data->save_encryption_key_fn = saved_encryption_key_fn;
6335
6336
6337
6338 return offset;
6339 }
6340
6341
6342 static const value_string kerberos_LR_TYPE_vals[] = {
6343 { 0, "lR-NONE" },
6344 { 1, "lR-INITIAL-TGT" },
6345 { 2, "lR-INITIAL" },
6346 { 3, "lR-ISSUE-USE-TGT" },
6347 { 4, "lR-RENEWAL" },
6348 { 5, "lR-REQUEST" },
6349 { 6, "lR-PW-EXPTIME" },
6350 { 7, "lR-ACCT-EXPTIME" },
6351 { 0, NULL }
6352 };
6353
6354
6355 static int
6356 dissect_kerberos_LR_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6357 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
6358 NULL);
6359
6360 return offset;
6361 }
6362
6363
6364 static const ber_sequence_t LastReq_item_sequence[] = {
6365 { &hf_kerberos_lr_type , BER_CLASS_CON, 0, 0, dissect_kerberos_LR_TYPE },
6366 { &hf_kerberos_lr_value , BER_CLASS_CON, 1, 0, dissect_kerberos_KerberosTime },
6367 { NULL, 0, 0, 0, NULL }
6368 };
6369
6370 static int
6371 dissect_kerberos_LastReq_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6372 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6373 LastReq_item_sequence, hf_index, ett_kerberos_LastReq_item);
6374
6375 return offset;
6376 }
6377
6378
6379 static const ber_sequence_t LastReq_sequence_of[1] = {
6380 { &hf_kerberos_LastReq_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_LastReq_item },
6381 };
6382
6383 static int
6384 dissect_kerberos_LastReq(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6385 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
6386 LastReq_sequence_of, hf_index, ett_kerberos_LastReq);
6387
6388 return offset;
6389 }
6390
6391
6392 static const ber_sequence_t METHOD_DATA_sequence_of[1] = {
6393 { &hf_kerberos_METHOD_DATA_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_PA_DATA },
6394 };
6395
6396 static int
6397 dissect_kerberos_METHOD_DATA(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6398 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
6399 METHOD_DATA_sequence_of, hf_index, ett_kerberos_METHOD_DATA);
6400
6401 return offset;
6402 }
6403
6404
6405
6406 static int
6407 dissect_kerberos_T_encrypted_pa_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6408 #line 605 "./asn1/kerberos/kerberos.cnf"
6409 kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
6410 private_data->is_enc_padata = TRUE;
6411
6412
6413 offset = dissect_kerberos_METHOD_DATA(implicit_tag, tvb, offset, actx, tree, hf_index);
6414
6415 #line 609 "./asn1/kerberos/kerberos.cnf"
6416 private_data->is_enc_padata = FALSE;
6417
6418
6419 return offset;
6420 }
6421
6422
6423 static const ber_sequence_t EncKDCRepPart_sequence[] = {
6424 { &hf_kerberos_encKDCRepPart_key, BER_CLASS_CON, 0, 0, dissect_kerberos_T_encKDCRepPart_key },
6425 { &hf_kerberos_last_req , BER_CLASS_CON, 1, 0, dissect_kerberos_LastReq },
6426 { &hf_kerberos_nonce , BER_CLASS_CON, 2, 0, dissect_kerberos_UInt32 },
6427 { &hf_kerberos_key_expiration, BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
6428 { &hf_kerberos_flags , BER_CLASS_CON, 4, 0, dissect_kerberos_TicketFlags },
6429 { &hf_kerberos_authtime , BER_CLASS_CON, 5, 0, dissect_kerberos_KerberosTime },
6430 { &hf_kerberos_starttime , BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
6431 { &hf_kerberos_endtime , BER_CLASS_CON, 7, 0, dissect_kerberos_KerberosTime },
6432 { &hf_kerberos_renew_till , BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
6433 { &hf_kerberos_srealm , BER_CLASS_CON, 9, 0, dissect_kerberos_Realm },
6434 { &hf_kerberos_sname , BER_CLASS_CON, 10, 0, dissect_kerberos_SName },
6435 { &hf_kerberos_caddr , BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddresses },
6436 { &hf_kerberos_encrypted_pa_data, BER_CLASS_CON, 12, BER_FLAGS_OPTIONAL, dissect_kerberos_T_encrypted_pa_data },
6437 { NULL, 0, 0, 0, NULL }
6438 };
6439
6440 static int
6441 dissect_kerberos_EncKDCRepPart(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6442 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6443 EncKDCRepPart_sequence, hf_index, ett_kerberos_EncKDCRepPart);
6444
6445 return offset;
6446 }
6447
6448
6449
6450 static int
6451 dissect_kerberos_EncASRepPart(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6452 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
6453 hf_index, BER_CLASS_APP, 25, FALSE, dissect_kerberos_EncKDCRepPart);
6454
6455 return offset;
6456 }
6457
6458
6459
6460 static int
6461 dissect_kerberos_EncTGSRepPart(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6462 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
6463 hf_index, BER_CLASS_APP, 26, FALSE, dissect_kerberos_EncKDCRepPart);
6464
6465 return offset;
6466 }
6467
6468
6469
6470 static int
6471 dissect_kerberos_T_encAPRepPart_subkey(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6472 #line 456 "./asn1/kerberos/kerberos.cnf"
6473 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
6474 gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
6475 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
6476 private_data->save_encryption_key_parent_hf_index = hf_kerberos_encAPRepPart;
6477 #ifdef HAVE_KERBEROS
6478 private_data->save_encryption_key_fn = save_EncAPRepPart_subkey;
6479 #endif
6480 offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index);
6481
6482 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
6483 private_data->save_encryption_key_fn = saved_encryption_key_fn;
6484
6485
6486
6487 return offset;
6488 }
6489
6490
6491 static const ber_sequence_t EncAPRepPart_U_sequence[] = {
6492 { &hf_kerberos_ctime , BER_CLASS_CON, 0, 0, dissect_kerberos_KerberosTime },
6493 { &hf_kerberos_cusec , BER_CLASS_CON, 1, 0, dissect_kerberos_Microseconds },
6494 { &hf_kerberos_encAPRepPart_subkey, BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_T_encAPRepPart_subkey },
6495 { &hf_kerberos_seq_number , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
6496 { NULL, 0, 0, 0, NULL }
6497 };
6498
6499 static int
6500 dissect_kerberos_EncAPRepPart_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6501 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6502 EncAPRepPart_U_sequence, hf_index, ett_kerberos_EncAPRepPart_U);
6503
6504 return offset;
6505 }
6506
6507
6508
6509 static int
6510 dissect_kerberos_EncAPRepPart(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6511 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
6512 hf_index, BER_CLASS_APP, 27, FALSE, dissect_kerberos_EncAPRepPart_U);
6513
6514 return offset;
6515 }
6516
6517
6518
6519 static int
6520 dissect_kerberos_T_encKrbPrivPart_user_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6521 #line 597 "./asn1/kerberos/kerberos.cnf"
6522 kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
6523 tvbuff_t *new_tvb;
6524 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb);
6525 if (new_tvb) {
6526 call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_PRIV_USER_DATA, private_data->callbacks);
6527 }
6528
6529
6530
6531 return offset;
6532 }
6533
6534
6535 static const ber_sequence_t EncKrbPrivPart_sequence[] = {
6536 { &hf_kerberos_encKrbPrivPart_user_data, BER_CLASS_CON, 0, 0, dissect_kerberos_T_encKrbPrivPart_user_data },
6537 { &hf_kerberos_timestamp , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
6538 { &hf_kerberos_usec , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_Microseconds },
6539 { &hf_kerberos_seq_number , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
6540 { &hf_kerberos_s_address , BER_CLASS_CON, 4, 0, dissect_kerberos_HostAddress },
6541 { &hf_kerberos_r_address , BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddress },
6542 { NULL, 0, 0, 0, NULL }
6543 };
6544
6545 static int
6546 dissect_kerberos_EncKrbPrivPart(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6547 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6548 EncKrbPrivPart_sequence, hf_index, ett_kerberos_EncKrbPrivPart);
6549
6550 return offset;
6551 }
6552
6553
6554
6555 static int
6556 dissect_kerberos_ENC_KRB_PRIV_PART(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6557 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
6558 hf_index, BER_CLASS_APP, 28, FALSE, dissect_kerberos_EncKrbPrivPart);
6559
6560 return offset;
6561 }
6562
6563
6564
6565 static int
6566 dissect_kerberos_T_krbCredInfo_key(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6567 #line 501 "./asn1/kerberos/kerberos.cnf"
6568 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
6569 gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
6570 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
6571 private_data->save_encryption_key_parent_hf_index = hf_kerberos_ticket_info_item;
6572 #ifdef HAVE_KERBEROS
6573 private_data->save_encryption_key_fn = save_KrbCredInfo_key;
6574 #endif
6575 offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index);
6576
6577 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
6578 private_data->save_encryption_key_fn = saved_encryption_key_fn;
6579
6580
6581
6582 return offset;
6583 }
6584
6585
6586 static const ber_sequence_t SEQUENCE_OF_KerberosString_sequence_of[1] = {
6587 { &hf_kerberos_name_string_item, BER_CLASS_UNI, BER_UNI_TAG_GeneralString, BER_FLAGS_NOOWNTAG, dissect_kerberos_KerberosString },
6588 };
6589
6590 static int
6591 dissect_kerberos_SEQUENCE_OF_KerberosString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6592 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
6593 SEQUENCE_OF_KerberosString_sequence_of, hf_index, ett_kerberos_SEQUENCE_OF_KerberosString);
6594
6595 return offset;
6596 }
6597
6598
6599 static const ber_sequence_t PrincipalName_sequence[] = {
6600 { &hf_kerberos_name_type , BER_CLASS_CON, 0, 0, dissect_kerberos_NAME_TYPE },
6601 { &hf_kerberos_name_string, BER_CLASS_CON, 1, 0, dissect_kerberos_SEQUENCE_OF_KerberosString },
6602 { NULL, 0, 0, 0, NULL }
6603 };
6604
6605 static int
6606 dissect_kerberos_PrincipalName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6607 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6608 PrincipalName_sequence, hf_index, ett_kerberos_PrincipalName);
6609
6610 return offset;
6611 }
6612
6613
6614 static const ber_sequence_t KrbCredInfo_sequence[] = {
6615 { &hf_kerberos_krbCredInfo_key, BER_CLASS_CON, 0, 0, dissect_kerberos_T_krbCredInfo_key },
6616 { &hf_kerberos_prealm , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_Realm },
6617 { &hf_kerberos_pname , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_PrincipalName },
6618 { &hf_kerberos_flags , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_TicketFlags },
6619 { &hf_kerberos_authtime , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
6620 { &hf_kerberos_starttime , BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
6621 { &hf_kerberos_endtime , BER_CLASS_CON, 6, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
6622 { &hf_kerberos_renew_till , BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
6623 { &hf_kerberos_srealm , BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL, dissect_kerberos_Realm },
6624 { &hf_kerberos_sname , BER_CLASS_CON, 9, BER_FLAGS_OPTIONAL, dissect_kerberos_SName },
6625 { &hf_kerberos_caddr , BER_CLASS_CON, 10, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddresses },
6626 { NULL, 0, 0, 0, NULL }
6627 };
6628
6629 static int
6630 dissect_kerberos_KrbCredInfo(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6631 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6632 KrbCredInfo_sequence, hf_index, ett_kerberos_KrbCredInfo);
6633
6634 return offset;
6635 }
6636
6637
6638 static const ber_sequence_t SEQUENCE_OF_KrbCredInfo_sequence_of[1] = {
6639 { &hf_kerberos_ticket_info_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_KrbCredInfo },
6640 };
6641
6642 static int
6643 dissect_kerberos_SEQUENCE_OF_KrbCredInfo(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6644 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
6645 SEQUENCE_OF_KrbCredInfo_sequence_of, hf_index, ett_kerberos_SEQUENCE_OF_KrbCredInfo);
6646
6647 return offset;
6648 }
6649
6650
6651 static const ber_sequence_t EncKrbCredPart_U_sequence[] = {
6652 { &hf_kerberos_ticket_info, BER_CLASS_CON, 0, 0, dissect_kerberos_SEQUENCE_OF_KrbCredInfo },
6653 { &hf_kerberos_nonce , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
6654 { &hf_kerberos_timestamp , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
6655 { &hf_kerberos_usec , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_Microseconds },
6656 { &hf_kerberos_s_address , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddress },
6657 { &hf_kerberos_r_address , BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, dissect_kerberos_HostAddress },
6658 { NULL, 0, 0, 0, NULL }
6659 };
6660
6661 static int
6662 dissect_kerberos_EncKrbCredPart_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6663 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6664 EncKrbCredPart_U_sequence, hf_index, ett_kerberos_EncKrbCredPart_U);
6665
6666 return offset;
6667 }
6668
6669
6670
6671 static int
6672 dissect_kerberos_EncKrbCredPart(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6673 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
6674 hf_index, BER_CLASS_APP, 29, FALSE, dissect_kerberos_EncKrbCredPart_U);
6675
6676 return offset;
6677 }
6678
6679
6680 static const value_string kerberos_ERROR_CODE_vals[] = {
6681 { 0, "eRR-NONE" },
6682 { 1, "eRR-NAME-EXP" },
6683 { 2, "eRR-SERVICE-EXP" },
6684 { 3, "eRR-BAD-PVNO" },
6685 { 4, "eRR-C-OLD-MAST-KVNO" },
6686 { 5, "eRR-S-OLD-MAST-KVNO" },
6687 { 6, "eRR-C-PRINCIPAL-UNKNOWN" },
6688 { 7, "eRR-S-PRINCIPAL-UNKNOWN" },
6689 { 8, "eRR-PRINCIPAL-NOT-UNIQUE" },
6690 { 9, "eRR-NULL-KEY" },
6691 { 10, "eRR-CANNOT-POSTDATE" },
6692 { 11, "eRR-NEVER-VALID" },
6693 { 12, "eRR-POLICY" },
6694 { 13, "eRR-BADOPTION" },
6695 { 14, "eRR-ETYPE-NOSUPP" },
6696 { 15, "eRR-SUMTYPE-NOSUPP" },
6697 { 16, "eRR-PADATA-TYPE-NOSUPP" },
6698 { 17, "eRR-TRTYPE-NOSUPP" },
6699 { 18, "eRR-CLIENT-REVOKED" },
6700 { 19, "eRR-SERVICE-REVOKED" },
6701 { 20, "eRR-TGT-REVOKED" },
6702 { 21, "eRR-CLIENT-NOTYET" },
6703 { 22, "eRR-SERVICE-NOTYET" },
6704 { 23, "eRR-KEY-EXP" },
6705 { 24, "eRR-PREAUTH-FAILED" },
6706 { 25, "eRR-PREAUTH-REQUIRED" },
6707 { 26, "eRR-SERVER-NOMATCH" },
6708 { 27, "eRR-MUST-USE-USER2USER" },
6709 { 28, "eRR-PATH-NOT-ACCEPTED" },
6710 { 29, "eRR-SVC-UNAVAILABLE" },
6711 { 31, "eRR-BAD-INTEGRITY" },
6712 { 32, "eRR-TKT-EXPIRED" },
6713 { 33, "eRR-TKT-NYV" },
6714 { 34, "eRR-REPEAT" },
6715 { 35, "eRR-NOT-US" },
6716 { 36, "eRR-BADMATCH" },
6717 { 37, "eRR-SKEW" },
6718 { 38, "eRR-BADADDR" },
6719 { 39, "eRR-BADVERSION" },
6720 { 40, "eRR-MSG-TYPE" },
6721 { 41, "eRR-MODIFIED" },
6722 { 42, "eRR-BADORDER" },
6723 { 43, "eRR-ILL-CR-TKT" },
6724 { 44, "eRR-BADKEYVER" },
6725 { 45, "eRR-NOKEY" },
6726 { 46, "eRR-MUT-FAIL" },
6727 { 47, "eRR-BADDIRECTION" },
6728 { 48, "eRR-METHOD" },
6729 { 49, "eRR-BADSEQ" },
6730 { 50, "eRR-INAPP-CKSUM" },
6731 { 51, "pATH-NOT-ACCEPTED" },
6732 { 52, "eRR-RESPONSE-TOO-BIG" },
6733 { 60, "eRR-GENERIC" },
6734 { 61, "eRR-FIELD-TOOLONG" },
6735 { 62, "eRROR-CLIENT-NOT-TRUSTED" },
6736 { 63, "eRROR-KDC-NOT-TRUSTED" },
6737 { 64, "eRROR-INVALID-SIG" },
6738 { 65, "eRR-KEY-TOO-WEAK" },
6739 { 66, "eRR-CERTIFICATE-MISMATCH" },
6740 { 67, "eRR-NO-TGT" },
6741 { 68, "eRR-WRONG-REALM" },
6742 { 69, "eRR-USER-TO-USER-REQUIRED" },
6743 { 70, "eRR-CANT-VERIFY-CERTIFICATE" },
6744 { 71, "eRR-INVALID-CERTIFICATE" },
6745 { 72, "eRR-REVOKED-CERTIFICATE" },
6746 { 73, "eRR-REVOCATION-STATUS-UNKNOWN" },
6747 { 74, "eRR-REVOCATION-STATUS-UNAVAILABLE" },
6748 { 75, "eRR-CLIENT-NAME-MISMATCH" },
6749 { 76, "eRR-KDC-NAME-MISMATCH" },
6750 { 0, NULL }
6751 };
6752
6753
6754 static int
6755 dissect_kerberos_ERROR_CODE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6756 #line 122 "./asn1/kerberos/kerberos.cnf"
6757 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
6758 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
6759 &private_data->errorcode);
6760
6761
6762
6763
6764 #line 126 "./asn1/kerberos/kerberos.cnf"
6765 if (private_data->errorcode) {
6766 col_add_fstr(actx->pinfo->cinfo, COL_INFO,
6767 "KRB Error: %s",
6768 val_to_str(private_data->errorcode, krb5_error_codes,
6769 "Unknown error code %#x"));
6770 }
6771
6772
6773 return offset;
6774 }
6775
6776
6777
6778 static int
6779 dissect_kerberos_T_e_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6780 #line 135 "./asn1/kerberos/kerberos.cnf"
6781 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
6782
6783 switch (private_data->errorcode) {
6784 case KRB5_ET_KRB5KDC_ERR_BADOPTION:
6785 case KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED:
6786 case KRB5_ET_KRB5KDC_ERR_KEY_EXP:
6787 case KRB5_ET_KRB5KDC_ERR_POLICY:
6788 /* ms windows kdc sends e-data of this type containing a "salt"
6789 * that contains the nt_status code for these error codes.
6790 */
6791 private_data->try_nt_status = TRUE;
6792 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_kerberos_e_data, dissect_kerberos_PA_DATA);
6793 break;
6794 case KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED:
6795 case KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED:
6796 case KRB5_ET_KRB5KDC_ERR_ETYPE_NOSUPP:
6797 case KRB5_ET_KDC_ERR_WRONG_REALM:
6798 case KRB5_ET_KDC_ERR_PREAUTH_EXPIRED:
6799 case KRB5_ET_KDC_ERR_MORE_PREAUTH_DATA_REQUIRED:
6800 case KRB5_ET_KDC_ERR_PREAUTH_BAD_AUTHENTICATION_SET:
6801 case KRB5_ET_KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS:
6802 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_kerberos_e_data, dissect_kerberos_SEQUENCE_OF_PA_DATA);
6803 break;
6804 default:
6805 offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_kerberos_e_data, NULL);
6806 break;
6807 }
6808
6809
6810
6811
6812 return offset;
6813 }
6814
6815
6816 static const ber_sequence_t KRB_ERROR_U_sequence[] = {
6817 { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
6818 { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE },
6819 { &hf_kerberos_ctime , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosTime },
6820 { &hf_kerberos_cusec , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_Microseconds },
6821 { &hf_kerberos_stime , BER_CLASS_CON, 4, 0, dissect_kerberos_KerberosTime },
6822 { &hf_kerberos_susec , BER_CLASS_CON, 5, 0, dissect_kerberos_Microseconds },
6823 { &hf_kerberos_error_code , BER_CLASS_CON, 6, 0, dissect_kerberos_ERROR_CODE },
6824 { &hf_kerberos_crealm , BER_CLASS_CON, 7, BER_FLAGS_OPTIONAL, dissect_kerberos_Realm },
6825 { &hf_kerberos_cname , BER_CLASS_CON, 8, BER_FLAGS_OPTIONAL, dissect_kerberos_CName },
6826 { &hf_kerberos_realm , BER_CLASS_CON, 9, 0, dissect_kerberos_Realm },
6827 { &hf_kerberos_sname , BER_CLASS_CON, 10, 0, dissect_kerberos_SName },
6828 { &hf_kerberos_e_text , BER_CLASS_CON, 11, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosString },
6829 { &hf_kerberos_e_data , BER_CLASS_CON, 12, BER_FLAGS_OPTIONAL, dissect_kerberos_T_e_data },
6830 { &hf_kerberos_e_checksum , BER_CLASS_CON, 13, BER_FLAGS_OPTIONAL, dissect_kerberos_Checksum },
6831 { NULL, 0, 0, 0, NULL }
6832 };
6833
6834 static int
6835 dissect_kerberos_KRB_ERROR_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6836 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6837 KRB_ERROR_U_sequence, hf_index, ett_kerberos_KRB_ERROR_U);
6838
6839 return offset;
6840 }
6841
6842
6843
6844 static int
6845 dissect_kerberos_KRB_ERROR(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6846 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
6847 hf_index, BER_CLASS_APP, 30, FALSE, dissect_kerberos_KRB_ERROR_U);
6848
6849 return offset;
6850 }
6851
6852
6853 static const ber_choice_t Applications_choice[] = {
6854 { KERBEROS_APPLICATIONS_TICKET, &hf_kerberos_ticket , BER_CLASS_APP, 1, BER_FLAGS_NOOWNTAG, dissect_kerberos_Ticket },
6855 { KERBEROS_APPLICATIONS_AUTHENTICATOR, &hf_kerberos_authenticator, BER_CLASS_APP, 2, BER_FLAGS_NOOWNTAG, dissect_kerberos_Authenticator },
6856 { KERBEROS_APPLICATIONS_ENCTICKETPART, &hf_kerberos_encTicketPart, BER_CLASS_APP, 3, BER_FLAGS_NOOWNTAG, dissect_kerberos_EncTicketPart },
6857 { KERBEROS_APPLICATIONS_AS_REQ, &hf_kerberos_as_req , BER_CLASS_APP, 10, BER_FLAGS_NOOWNTAG, dissect_kerberos_AS_REQ },
6858 { KERBEROS_APPLICATIONS_AS_REP, &hf_kerberos_as_rep , BER_CLASS_APP, 11, BER_FLAGS_NOOWNTAG, dissect_kerberos_AS_REP },
6859 { KERBEROS_APPLICATIONS_TGS_REQ, &hf_kerberos_tgs_req , BER_CLASS_APP, 12, BER_FLAGS_NOOWNTAG, dissect_kerberos_TGS_REQ },
6860 { KERBEROS_APPLICATIONS_TGS_REP, &hf_kerberos_tgs_rep , BER_CLASS_APP, 13, BER_FLAGS_NOOWNTAG, dissect_kerberos_TGS_REP },
6861 { KERBEROS_APPLICATIONS_AP_REQ, &hf_kerberos_ap_req , BER_CLASS_APP, 14, BER_FLAGS_NOOWNTAG, dissect_kerberos_AP_REQ },
6862 { KERBEROS_APPLICATIONS_AP_REP, &hf_kerberos_ap_rep , BER_CLASS_APP, 15, BER_FLAGS_NOOWNTAG, dissect_kerberos_AP_REP },
6863 { KERBEROS_APPLICATIONS_KRB_SAFE, &hf_kerberos_krb_safe , BER_CLASS_APP, 20, BER_FLAGS_NOOWNTAG, dissect_kerberos_KRB_SAFE },
6864 { KERBEROS_APPLICATIONS_KRB_PRIV, &hf_kerberos_krb_priv , BER_CLASS_APP, 21, BER_FLAGS_NOOWNTAG, dissect_kerberos_KRB_PRIV },
6865 { KERBEROS_APPLICATIONS_KRB_CRED, &hf_kerberos_krb_cred , BER_CLASS_APP, 22, BER_FLAGS_NOOWNTAG, dissect_kerberos_KRB_CRED },
6866 { KERBEROS_APPLICATIONS_ENCASREPPART, &hf_kerberos_encASRepPart, BER_CLASS_APP, 25, BER_FLAGS_NOOWNTAG, dissect_kerberos_EncASRepPart },
6867 { KERBEROS_APPLICATIONS_ENCTGSREPPART, &hf_kerberos_encTGSRepPart, BER_CLASS_APP, 26, BER_FLAGS_NOOWNTAG, dissect_kerberos_EncTGSRepPart },
6868 { KERBEROS_APPLICATIONS_ENCAPREPPART, &hf_kerberos_encAPRepPart, BER_CLASS_APP, 27, BER_FLAGS_NOOWNTAG, dissect_kerberos_EncAPRepPart },
6869 { KERBEROS_APPLICATIONS_ENCKRBPRIVPART, &hf_kerberos_encKrbPrivPart, BER_CLASS_APP, 28, BER_FLAGS_NOOWNTAG, dissect_kerberos_ENC_KRB_PRIV_PART },
6870 { KERBEROS_APPLICATIONS_ENCKRBCREDPART, &hf_kerberos_encKrbCredPart, BER_CLASS_APP, 29, BER_FLAGS_NOOWNTAG, dissect_kerberos_EncKrbCredPart },
6871 { KERBEROS_APPLICATIONS_KRB_ERROR, &hf_kerberos_krb_error , BER_CLASS_APP, 30, BER_FLAGS_NOOWNTAG, dissect_kerberos_KRB_ERROR },
6872 { 0, NULL, 0, 0, 0, NULL }
6873 };
6874
6875 static int
6876 dissect_kerberos_Applications(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6877 offset = dissect_ber_choice(actx, tree, tvb, offset,
6878 Applications_choice, hf_index, ett_kerberos_Applications,
6879 NULL);
6880
6881 return offset;
6882 }
6883
6884
6885
6886 static int
6887 dissect_kerberos_T_pA_ENC_TIMESTAMP_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6888 #line 355 "./asn1/kerberos/kerberos.cnf"
6889 #ifdef HAVE_KERBEROS
6890 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PA_ENC_TIMESTAMP);
6891 #else
6892 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
6893 NULL);
6894
6895 #endif
6896
6897
6898
6899 return offset;
6900 }
6901
6902
6903 static const ber_sequence_t PA_ENC_TIMESTAMP_sequence[] = {
6904 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
6905 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
6906 { &hf_kerberos_pA_ENC_TIMESTAMP_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_pA_ENC_TIMESTAMP_cipher },
6907 { NULL, 0, 0, 0, NULL }
6908 };
6909
6910 static int
6911 dissect_kerberos_PA_ENC_TIMESTAMP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6912 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6913 PA_ENC_TIMESTAMP_sequence, hf_index, ett_kerberos_PA_ENC_TIMESTAMP);
6914
6915 return offset;
6916 }
6917
6918
6919 static const ber_sequence_t ETYPE_INFO_ENTRY_sequence[] = {
6920 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
6921 { &hf_kerberos_info_salt , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_OCTET_STRING },
6922 { NULL, 0, 0, 0, NULL }
6923 };
6924
6925 static int
6926 dissect_kerberos_ETYPE_INFO_ENTRY(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6927 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6928 ETYPE_INFO_ENTRY_sequence, hf_index, ett_kerberos_ETYPE_INFO_ENTRY);
6929
6930 return offset;
6931 }
6932
6933
6934 static const ber_sequence_t ETYPE_INFO_sequence_of[1] = {
6935 { &hf_kerberos_ETYPE_INFO_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_ETYPE_INFO_ENTRY },
6936 };
6937
6938 static int
6939 dissect_kerberos_ETYPE_INFO(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6940 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
6941 ETYPE_INFO_sequence_of, hf_index, ett_kerberos_ETYPE_INFO);
6942
6943 return offset;
6944 }
6945
6946
6947 static const ber_sequence_t ETYPE_INFO2_ENTRY_sequence[] = {
6948 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
6949 { &hf_kerberos_info2_salt , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_KerberosString },
6950 { &hf_kerberos_s2kparams , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_OCTET_STRING },
6951 { NULL, 0, 0, 0, NULL }
6952 };
6953
6954 static int
6955 dissect_kerberos_ETYPE_INFO2_ENTRY(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6956 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6957 ETYPE_INFO2_ENTRY_sequence, hf_index, ett_kerberos_ETYPE_INFO2_ENTRY);
6958
6959 return offset;
6960 }
6961
6962
6963 static const ber_sequence_t ETYPE_INFO2_sequence_of[1] = {
6964 { &hf_kerberos_ETYPE_INFO2_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_ETYPE_INFO2_ENTRY },
6965 };
6966
6967 static int
6968 dissect_kerberos_ETYPE_INFO2(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6969 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
6970 ETYPE_INFO2_sequence_of, hf_index, ett_kerberos_ETYPE_INFO2);
6971
6972 return offset;
6973 }
6974
6975
6976
6977 static int
6978 dissect_kerberos_AD_IF_RELEVANT(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6979 offset = dissect_kerberos_AuthorizationData(implicit_tag, tvb, offset, actx, tree, hf_index);
6980
6981 return offset;
6982 }
6983
6984
6985 static const ber_sequence_t TGT_REQ_sequence[] = {
6986 { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
6987 { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE },
6988 { &hf_kerberos_server_name, BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_PrincipalName },
6989 { &hf_kerberos_realm , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_Realm },
6990 { NULL, 0, 0, 0, NULL }
6991 };
6992
6993 int
6994 dissect_kerberos_TGT_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
6995 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
6996 TGT_REQ_sequence, hf_index, ett_kerberos_TGT_REQ);
6997
6998 return offset;
6999 }
7000
7001
7002 static const ber_sequence_t TGT_REP_sequence[] = {
7003 { &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
7004 { &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE },
7005 { &hf_kerberos_ticket , BER_CLASS_CON, 2, 0, dissect_kerberos_Ticket },
7006 { NULL, 0, 0, 0, NULL }
7007 };
7008
7009 int
7010 dissect_kerberos_TGT_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7011 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7012 TGT_REP_sequence, hf_index, ett_kerberos_TGT_REP);
7013
7014 return offset;
7015 }
7016
7017
7018
7019 static int
7020 dissect_kerberos_BOOLEAN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7021 offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
7022
7023 return offset;
7024 }
7025
7026
7027 static const ber_sequence_t PA_PAC_REQUEST_sequence[] = {
7028 { &hf_kerberos_include_pac, BER_CLASS_CON, 0, 0, dissect_kerberos_BOOLEAN },
7029 { NULL, 0, 0, 0, NULL }
7030 };
7031
7032 static int
7033 dissect_kerberos_PA_PAC_REQUEST(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7034 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7035 PA_PAC_REQUEST_sequence, hf_index, ett_kerberos_PA_PAC_REQUEST);
7036
7037 return offset;
7038 }
7039
7040
7041
7042 static int
7043 dissect_kerberos_GeneralString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7044 offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_GeneralString,
7045 actx, tree, tvb, offset, hf_index,
7046 NULL);
7047
7048 return offset;
7049 }
7050
7051
7052 static const ber_sequence_t PA_S4U2Self_sequence[] = {
7053 { &hf_kerberos_name , BER_CLASS_CON, 0, 0, dissect_kerberos_PrincipalName },
7054 { &hf_kerberos_realm , BER_CLASS_CON, 1, 0, dissect_kerberos_Realm },
7055 { &hf_kerberos_cksum , BER_CLASS_CON, 2, 0, dissect_kerberos_Checksum },
7056 { &hf_kerberos_auth , BER_CLASS_CON, 3, 0, dissect_kerberos_GeneralString },
7057 { NULL, 0, 0, 0, NULL }
7058 };
7059
7060 static int
7061 dissect_kerberos_PA_S4U2Self(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7062 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7063 PA_S4U2Self_sequence, hf_index, ett_kerberos_PA_S4U2Self);
7064
7065 return offset;
7066 }
7067
7068
7069
7070 static int
7071 dissect_kerberos_T_subject_certificate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7072 #line 559 "./asn1/kerberos/kerberos.cnf"
7073 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset,hf_index, dissect_x509af_Certificate);
7074
7075
7076
7077 return offset;
7078 }
7079
7080
7081
7082 static int
7083 dissect_kerberos_BIT_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7084 offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset,
7085 NULL, 0, hf_index, -1,
7086 NULL);
7087
7088 return offset;
7089 }
7090
7091
7092 static const ber_sequence_t S4UUserID_sequence[] = {
7093 { &hf_kerberos_nonce , BER_CLASS_CON, 0, 0, dissect_kerberos_UInt32 },
7094 { &hf_kerberos_cname_01 , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_PrincipalName },
7095 { &hf_kerberos_crealm , BER_CLASS_CON, 2, 0, dissect_kerberos_Realm },
7096 { &hf_kerberos_subject_certificate, BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_T_subject_certificate },
7097 { &hf_kerberos_options , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_kerberos_BIT_STRING },
7098 { NULL, 0, 0, 0, NULL }
7099 };
7100
7101 static int
7102 dissect_kerberos_S4UUserID(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7103 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7104 S4UUserID_sequence, hf_index, ett_kerberos_S4UUserID);
7105
7106 return offset;
7107 }
7108
7109
7110 static const ber_sequence_t PA_S4U_X509_USER_sequence[] = {
7111 { &hf_kerberos_user_id , BER_CLASS_CON, 0, 0, dissect_kerberos_S4UUserID },
7112 { &hf_kerberos_checksum_01, BER_CLASS_CON, 1, 0, dissect_kerberos_Checksum },
7113 { NULL, 0, 0, 0, NULL }
7114 };
7115
7116 static int
7117 dissect_kerberos_PA_S4U_X509_USER(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7118 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7119 PA_S4U_X509_USER_sequence, hf_index, ett_kerberos_PA_S4U_X509_USER);
7120
7121 return offset;
7122 }
7123
7124
7125 static int * const PAC_OPTIONS_FLAGS_bits[] = {
7126 &hf_kerberos_PAC_OPTIONS_FLAGS_claims,
7127 &hf_kerberos_PAC_OPTIONS_FLAGS_branch_aware,
7128 &hf_kerberos_PAC_OPTIONS_FLAGS_forward_to_full_dc,
7129 &hf_kerberos_PAC_OPTIONS_FLAGS_resource_based_constrained_delegation,
7130 NULL
7131 };
7132
7133 static int
7134 dissect_kerberos_PAC_OPTIONS_FLAGS(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7135 offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset,
7136 PAC_OPTIONS_FLAGS_bits, 4, hf_index, ett_kerberos_PAC_OPTIONS_FLAGS,
7137 NULL);
7138
7139 return offset;
7140 }
7141
7142
7143 static const ber_sequence_t PA_PAC_OPTIONS_sequence[] = {
7144 { &hf_kerberos_flags_01 , BER_CLASS_CON, 0, 0, dissect_kerberos_PAC_OPTIONS_FLAGS },
7145 { NULL, 0, 0, 0, NULL }
7146 };
7147
7148 static int
7149 dissect_kerberos_PA_PAC_OPTIONS(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7150 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7151 PA_PAC_OPTIONS_sequence, hf_index, ett_kerberos_PA_PAC_OPTIONS);
7152
7153 return offset;
7154 }
7155
7156
7157 static const ber_sequence_t KERB_AD_RESTRICTION_ENTRY_U_sequence[] = {
7158 { &hf_kerberos_restriction_type, BER_CLASS_CON, 0, 0, dissect_kerberos_Int32 },
7159 { &hf_kerberos_restriction, BER_CLASS_CON, 1, 0, dissect_kerberos_OCTET_STRING },
7160 { NULL, 0, 0, 0, NULL }
7161 };
7162
7163 static int
7164 dissect_kerberos_KERB_AD_RESTRICTION_ENTRY_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7165 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7166 KERB_AD_RESTRICTION_ENTRY_U_sequence, hf_index, ett_kerberos_KERB_AD_RESTRICTION_ENTRY_U);
7167
7168 return offset;
7169 }
7170
7171
7172
7173 static int
7174 dissect_kerberos_KERB_AD_RESTRICTION_ENTRY(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7175 offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
7176 hf_index, BER_CLASS_UNI, 16, FALSE, dissect_kerberos_KERB_AD_RESTRICTION_ENTRY_U);
7177
7178 return offset;
7179 }
7180
7181
7182 static const ber_sequence_t PA_KERB_KEY_LIST_REQ_sequence_of[1] = {
7183 { &hf_kerberos_PA_KERB_KEY_LIST_REQ_item, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_kerberos_ENCTYPE },
7184 };
7185
7186 static int
7187 dissect_kerberos_PA_KERB_KEY_LIST_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7188 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
7189 PA_KERB_KEY_LIST_REQ_sequence_of, hf_index, ett_kerberos_PA_KERB_KEY_LIST_REQ);
7190
7191 return offset;
7192 }
7193
7194
7195
7196 static int
7197 dissect_kerberos_PA_KERB_KEY_LIST_REP_Key(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7198 offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index);
7199
7200 return offset;
7201 }
7202
7203
7204
7205 static int
7206 dissect_kerberos_PA_KERB_KEY_LIST_REP_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7207 #line 513 "./asn1/kerberos/kerberos.cnf"
7208 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
7209 gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
7210 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
7211 private_data->save_encryption_key_parent_hf_index = hf_kerberos_kerbKeyListRep_key;
7212 #ifdef HAVE_KERBEROS
7213 private_data->save_encryption_key_fn = save_encryption_key;
7214 #endif
7215 offset = dissect_kerberos_PA_KERB_KEY_LIST_REP_Key(implicit_tag, tvb, offset, actx, tree, hf_index);
7216
7217 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
7218 private_data->save_encryption_key_fn = saved_encryption_key_fn;
7219
7220
7221
7222 return offset;
7223 }
7224
7225
7226 static const ber_sequence_t PA_KERB_KEY_LIST_REP_sequence_of[1] = {
7227 { &hf_kerberos_kerbKeyListRep_key, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_PA_KERB_KEY_LIST_REP_item },
7228 };
7229
7230 static int
7231 dissect_kerberos_PA_KERB_KEY_LIST_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7232 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
7233 PA_KERB_KEY_LIST_REP_sequence_of, hf_index, ett_kerberos_PA_KERB_KEY_LIST_REP);
7234
7235 return offset;
7236 }
7237
7238
7239 static const ber_sequence_t ChangePasswdData_sequence[] = {
7240 { &hf_kerberos_newpasswd , BER_CLASS_CON, 0, 0, dissect_kerberos_OCTET_STRING },
7241 { &hf_kerberos_targname , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_PrincipalName },
7242 { &hf_kerberos_targrealm , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_Realm },
7243 { NULL, 0, 0, 0, NULL }
7244 };
7245
7246 int
7247 dissect_kerberos_ChangePasswdData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7248 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7249 ChangePasswdData_sequence, hf_index, ett_kerberos_ChangePasswdData);
7250
7251 return offset;
7252 }
7253
7254
7255 static const ber_sequence_t PA_AUTHENTICATION_SET_ELEM_sequence[] = {
7256 { &hf_kerberos_pa_type , BER_CLASS_CON, 0, 0, dissect_kerberos_PADATA_TYPE },
7257 { &hf_kerberos_pa_hint , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_OCTET_STRING },
7258 { &hf_kerberos_pa_value , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_OCTET_STRING },
7259 { NULL, 0, 0, 0, NULL }
7260 };
7261
7262 static int
7263 dissect_kerberos_PA_AUTHENTICATION_SET_ELEM(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7264 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7265 PA_AUTHENTICATION_SET_ELEM_sequence, hf_index, ett_kerberos_PA_AUTHENTICATION_SET_ELEM);
7266
7267 return offset;
7268 }
7269
7270
7271 static const value_string kerberos_KrbFastArmorTypes_vals[] = {
7272 { KERBEROS_FX_FAST_RESERVED, "fX-FAST-reserved" },
7273 { KERBEROS_FX_FAST_ARMOR_AP_REQUEST, "fX-FAST-ARMOR-AP-REQUEST" },
7274 { 0, NULL }
7275 };
7276
7277
7278 static int
7279 dissect_kerberos_KrbFastArmorTypes(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7280 #line 636 "./asn1/kerberos/kerberos.cnf"
7281 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
7282 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
7283 &(private_data->fast_type));
7284
7285
7286
7287
7288 return offset;
7289 }
7290
7291
7292
7293 static int
7294 dissect_kerberos_T_armor_value(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7295 #line 640 "./asn1/kerberos/kerberos.cnf"
7296 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
7297
7298 switch(private_data->fast_type){
7299 case KERBEROS_FX_FAST_ARMOR_AP_REQUEST:
7300 private_data->fast_armor_within_armor_value++;
7301 offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_Applications);
7302 private_data->fast_armor_within_armor_value--;
7303 break;
7304 default:
7305 offset=dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
7306 break;
7307 }
7308
7309
7310
7311 return offset;
7312 }
7313
7314
7315 static const ber_sequence_t KrbFastArmor_sequence[] = {
7316 { &hf_kerberos_armor_type , BER_CLASS_CON, 0, 0, dissect_kerberos_KrbFastArmorTypes },
7317 { &hf_kerberos_armor_value, BER_CLASS_CON, 1, 0, dissect_kerberos_T_armor_value },
7318 { NULL, 0, 0, 0, NULL }
7319 };
7320
7321 static int
7322 dissect_kerberos_KrbFastArmor(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7323 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7324 KrbFastArmor_sequence, hf_index, ett_kerberos_KrbFastArmor);
7325
7326 return offset;
7327 }
7328
7329
7330
7331 static int
7332 dissect_kerberos_T_encryptedKrbFastReq_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7333 #line 612 "./asn1/kerberos/kerberos.cnf"
7334 #ifdef HAVE_KERBEROS
7335 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KrbFastReq);
7336 #else
7337 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
7338 NULL);
7339
7340 #endif
7341 return offset;
7342
7343
7344
7345 return offset;
7346 }
7347
7348
7349 static const ber_sequence_t EncryptedKrbFastReq_sequence[] = {
7350 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
7351 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
7352 { &hf_kerberos_encryptedKrbFastReq_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedKrbFastReq_cipher },
7353 { NULL, 0, 0, 0, NULL }
7354 };
7355
7356 static int
7357 dissect_kerberos_EncryptedKrbFastReq(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7358 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7359 EncryptedKrbFastReq_sequence, hf_index, ett_kerberos_EncryptedKrbFastReq);
7360
7361 return offset;
7362 }
7363
7364
7365 static const ber_sequence_t KrbFastArmoredReq_sequence[] = {
7366 { &hf_kerberos_armor , BER_CLASS_CON, 0, BER_FLAGS_OPTIONAL, dissect_kerberos_KrbFastArmor },
7367 { &hf_kerberos_req_checksum, BER_CLASS_CON, 1, 0, dissect_kerberos_Checksum },
7368 { &hf_kerberos_enc_fast_req, BER_CLASS_CON, 2, 0, dissect_kerberos_EncryptedKrbFastReq },
7369 { NULL, 0, 0, 0, NULL }
7370 };
7371
7372 static int
7373 dissect_kerberos_KrbFastArmoredReq(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7374 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7375 KrbFastArmoredReq_sequence, hf_index, ett_kerberos_KrbFastArmoredReq);
7376
7377 return offset;
7378 }
7379
7380
7381 static const ber_choice_t PA_FX_FAST_REQUEST_choice[] = {
7382 { 0, &hf_kerberos_armored_data_request, BER_CLASS_CON, 0, 0, dissect_kerberos_KrbFastArmoredReq },
7383 { 0, NULL, 0, 0, 0, NULL }
7384 };
7385
7386 static int
7387 dissect_kerberos_PA_FX_FAST_REQUEST(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7388 offset = dissect_ber_choice(actx, tree, tvb, offset,
7389 PA_FX_FAST_REQUEST_choice, hf_index, ett_kerberos_PA_FX_FAST_REQUEST,
7390 NULL);
7391
7392 return offset;
7393 }
7394
7395
7396
7397 static int
7398 dissect_kerberos_T_encryptedKrbFastResponse_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7399 #line 620 "./asn1/kerberos/kerberos.cnf"
7400 #ifdef HAVE_KERBEROS
7401 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KrbFastResponse);
7402 #else
7403 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
7404 NULL);
7405
7406 #endif
7407 return offset;
7408
7409
7410
7411 return offset;
7412 }
7413
7414
7415 static const ber_sequence_t EncryptedKrbFastResponse_sequence[] = {
7416 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
7417 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
7418 { &hf_kerberos_encryptedKrbFastResponse_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedKrbFastResponse_cipher },
7419 { NULL, 0, 0, 0, NULL }
7420 };
7421
7422 static int
7423 dissect_kerberos_EncryptedKrbFastResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7424 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7425 EncryptedKrbFastResponse_sequence, hf_index, ett_kerberos_EncryptedKrbFastResponse);
7426
7427 return offset;
7428 }
7429
7430
7431 static const ber_sequence_t KrbFastArmoredRep_sequence[] = {
7432 { &hf_kerberos_enc_fast_rep, BER_CLASS_CON, 0, 0, dissect_kerberos_EncryptedKrbFastResponse },
7433 { NULL, 0, 0, 0, NULL }
7434 };
7435
7436 static int
7437 dissect_kerberos_KrbFastArmoredRep(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7438 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7439 KrbFastArmoredRep_sequence, hf_index, ett_kerberos_KrbFastArmoredRep);
7440
7441 return offset;
7442 }
7443
7444
7445 static const ber_choice_t PA_FX_FAST_REPLY_choice[] = {
7446 { 0, &hf_kerberos_armored_data_reply, BER_CLASS_CON, 0, 0, dissect_kerberos_KrbFastArmoredRep },
7447 { 0, NULL, 0, 0, 0, NULL }
7448 };
7449
7450 static int
7451 dissect_kerberos_PA_FX_FAST_REPLY(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7452 offset = dissect_ber_choice(actx, tree, tvb, offset,
7453 PA_FX_FAST_REPLY_choice, hf_index, ett_kerberos_PA_FX_FAST_REPLY,
7454 NULL);
7455
7456 return offset;
7457 }
7458
7459
7460
7461 static int
7462 dissect_kerberos_T_encryptedChallenge_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7463 #line 628 "./asn1/kerberos/kerberos.cnf"
7464 #ifdef HAVE_KERBEROS
7465 offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_EncryptedChallenge);
7466 #else
7467 offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
7468 NULL);
7469
7470 #endif
7471 return offset;
7472
7473
7474
7475 return offset;
7476 }
7477
7478
7479 static const ber_sequence_t EncryptedChallenge_sequence[] = {
7480 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
7481 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
7482 { &hf_kerberos_encryptedChallenge_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedChallenge_cipher },
7483 { NULL, 0, 0, 0, NULL }
7484 };
7485
7486 static int
7487 dissect_kerberos_EncryptedChallenge(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7488 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7489 EncryptedChallenge_sequence, hf_index, ett_kerberos_EncryptedChallenge);
7490
7491 return offset;
7492 }
7493
7494
7495 static const ber_sequence_t EncryptedSpakeData_sequence[] = {
7496 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
7497 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
7498 { &hf_kerberos_cipher , BER_CLASS_CON, 2, 0, dissect_kerberos_OCTET_STRING },
7499 { NULL, 0, 0, 0, NULL }
7500 };
7501
7502 static int
7503 dissect_kerberos_EncryptedSpakeData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7504 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7505 EncryptedSpakeData_sequence, hf_index, ett_kerberos_EncryptedSpakeData);
7506
7507 return offset;
7508 }
7509
7510
7511 static const ber_sequence_t EncryptedSpakeResponseData_sequence[] = {
7512 { &hf_kerberos_etype , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
7513 { &hf_kerberos_kvno , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
7514 { &hf_kerberos_cipher , BER_CLASS_CON, 2, 0, dissect_kerberos_OCTET_STRING },
7515 { NULL, 0, 0, 0, NULL }
7516 };
7517
7518 static int
7519 dissect_kerberos_EncryptedSpakeResponseData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7520 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7521 EncryptedSpakeResponseData_sequence, hf_index, ett_kerberos_EncryptedSpakeResponseData);
7522
7523 return offset;
7524 }
7525
7526
7527 static const value_string kerberos_SPAKEGroup_vals[] = {
7528 { 1, "sPAKEGroup-edwards25519" },
7529 { 2, "sPAKEGroup-P-256" },
7530 { 3, "sPAKEGroup-P-384" },
7531 { 4, "sPAKEGroup-P-521" },
7532 { 0, NULL }
7533 };
7534
7535
7536 static int
7537 dissect_kerberos_SPAKEGroup(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7538 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
7539 NULL);
7540
7541 return offset;
7542 }
7543
7544
7545 static const value_string kerberos_SPAKESecondFactorType_vals[] = {
7546 { 1, "sPAKESecondFactor-SF-NONE" },
7547 { 0, NULL }
7548 };
7549
7550
7551 static int
7552 dissect_kerberos_SPAKESecondFactorType(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7553 offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
7554 NULL);
7555
7556 return offset;
7557 }
7558
7559
7560 static const ber_sequence_t SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup_sequence_of[1] = {
7561 { &hf_kerberos_groups_item, BER_CLASS_UNI, BER_UNI_TAG_INTEGER, BER_FLAGS_NOOWNTAG, dissect_kerberos_SPAKEGroup },
7562 };
7563
7564 static int
7565 dissect_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7566 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
7567 SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup_sequence_of, hf_index, ett_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup);
7568
7569 return offset;
7570 }
7571
7572
7573 static const ber_sequence_t SPAKESupport_sequence[] = {
7574 { &hf_kerberos_groups , BER_CLASS_CON, 0, 0, dissect_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup },
7575 { NULL, 0, 0, 0, NULL }
7576 };
7577
7578 static int
7579 dissect_kerberos_SPAKESupport(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7580 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7581 SPAKESupport_sequence, hf_index, ett_kerberos_SPAKESupport);
7582
7583 return offset;
7584 }
7585
7586
7587 static const ber_sequence_t SPAKESecondFactor_sequence[] = {
7588 { &hf_kerberos_type , BER_CLASS_CON, 0, 0, dissect_kerberos_SPAKESecondFactorType },
7589 { &hf_kerberos_data , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_OCTET_STRING },
7590 { NULL, 0, 0, 0, NULL }
7591 };
7592
7593 static int
7594 dissect_kerberos_SPAKESecondFactor(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7595 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7596 SPAKESecondFactor_sequence, hf_index, ett_kerberos_SPAKESecondFactor);
7597
7598 return offset;
7599 }
7600
7601
7602 static const ber_sequence_t SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor_sequence_of[1] = {
7603 { &hf_kerberos_factors_item, BER_CLASS_UNI, BER_UNI_TAG_SEQUENCE, BER_FLAGS_NOOWNTAG, dissect_kerberos_SPAKESecondFactor },
7604 };
7605
7606 static int
7607 dissect_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7608 offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset,
7609 SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor_sequence_of, hf_index, ett_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor);
7610
7611 return offset;
7612 }
7613
7614
7615 static const ber_sequence_t SPAKEChallenge_sequence[] = {
7616 { &hf_kerberos_group , BER_CLASS_CON, 0, 0, dissect_kerberos_SPAKEGroup },
7617 { &hf_kerberos_pubkey , BER_CLASS_CON, 1, 0, dissect_kerberos_OCTET_STRING },
7618 { &hf_kerberos_factors , BER_CLASS_CON, 2, 0, dissect_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor },
7619 { NULL, 0, 0, 0, NULL }
7620 };
7621
7622 static int
7623 dissect_kerberos_SPAKEChallenge(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7624 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7625 SPAKEChallenge_sequence, hf_index, ett_kerberos_SPAKEChallenge);
7626
7627 return offset;
7628 }
7629
7630
7631 static const ber_sequence_t SPAKEResponse_sequence[] = {
7632 { &hf_kerberos_pubkey , BER_CLASS_CON, 0, 0, dissect_kerberos_OCTET_STRING },
7633 { &hf_kerberos_factor , BER_CLASS_CON, 1, 0, dissect_kerberos_EncryptedSpakeResponseData },
7634 { NULL, 0, 0, 0, NULL }
7635 };
7636
7637 static int
7638 dissect_kerberos_SPAKEResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7639 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7640 SPAKEResponse_sequence, hf_index, ett_kerberos_SPAKEResponse);
7641
7642 return offset;
7643 }
7644
7645
7646 static const value_string kerberos_PA_SPAKE_vals[] = {
7647 { 0, "support" },
7648 { 1, "challenge" },
7649 { 2, "response" },
7650 { 3, "encdata" },
7651 { 0, NULL }
7652 };
7653
7654 static const ber_choice_t PA_SPAKE_choice[] = {
7655 { 0, &hf_kerberos_support , BER_CLASS_CON, 0, 0, dissect_kerberos_SPAKESupport },
7656 { 1, &hf_kerberos_challenge , BER_CLASS_CON, 1, 0, dissect_kerberos_SPAKEChallenge },
7657 { 2, &hf_kerberos_response , BER_CLASS_CON, 2, 0, dissect_kerberos_SPAKEResponse },
7658 { 3, &hf_kerberos_encdata , BER_CLASS_CON, 3, 0, dissect_kerberos_EncryptedSpakeData },
7659 { 0, NULL, 0, 0, 0, NULL }
7660 };
7661
7662 static int
7663 dissect_kerberos_PA_SPAKE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7664 #line 654 "./asn1/kerberos/kerberos.cnf"
7665 kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
7666 offset = dissect_ber_choice(actx, tree, tvb, offset,
7667 PA_SPAKE_choice, hf_index, ett_kerberos_PA_SPAKE,
7668 &(private_data->padata_type));
7669
7670
7671
7672 #line 657 "./asn1/kerberos/kerberos.cnf"
7673 if(tree){
7674 proto_item_append_text(tree, " %s",
7675 val_to_str(private_data->padata_type, kerberos_PA_SPAKE_vals,
7676 "Unknown:%d"));
7677 }
7678
7679 return offset;
7680 }
7681
7682
7683 /*--- End of included file: packet-kerberos-fn.c ---*/
7684 #line 4154 "./asn1/kerberos/packet-kerberos-template.c"
7685
7686 #ifdef HAVE_KERBEROS
7687 static const ber_sequence_t PA_ENC_TS_ENC_sequence[] = {
7688 { &hf_krb_patimestamp, BER_CLASS_CON, 0, 0, dissect_kerberos_KerberosTime },
7689 { &hf_krb_pausec , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_Microseconds },
7690 { NULL, 0, 0, 0, NULL }
7691 };
7692
7693 static int
7694 dissect_kerberos_PA_ENC_TS_ENC(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7695 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7696 PA_ENC_TS_ENC_sequence, hf_index, ett_krb_pa_enc_ts_enc);
7697 return offset;
7698 }
7699
7700 static int
7701 dissect_kerberos_T_strengthen_key(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7702 #line 491 "./asn1/kerberos/kerberos.cnf"
7703 kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
7704 gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
7705 kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
7706 private_data->save_encryption_key_parent_hf_index = hf_kerberos_KrbFastResponse;
7707 #ifdef HAVE_KERBEROS
7708 private_data->save_encryption_key_fn = save_KrbFastResponse_strengthen_key;
7709 #endif
7710 offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index);
7711
7712 private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
7713 private_data->save_encryption_key_fn = saved_encryption_key_fn;
7714 return offset;
7715 }
7716
7717 static const ber_sequence_t KrbFastFinished_sequence[] = {
7718 { &hf_kerberos_timestamp , BER_CLASS_CON, 0, 0, dissect_kerberos_KerberosTime },
7719 { &hf_kerberos_usec , BER_CLASS_CON, 1, 0, dissect_kerberos_Microseconds },
7720 { &hf_kerberos_crealm , BER_CLASS_CON, 2, 0, dissect_kerberos_Realm },
7721 { &hf_kerberos_cname_01 , BER_CLASS_CON, 3, 0, dissect_kerberos_PrincipalName },
7722 { &hf_kerberos_ticket_checksum, BER_CLASS_CON, 4, 0, dissect_kerberos_Checksum },
7723 { NULL, 0, 0, 0, NULL }
7724 };
7725
7726 static int
7727 dissect_kerberos_KrbFastFinished(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7728 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7729 KrbFastFinished_sequence, hf_index, ett_kerberos_KrbFastFinished);
7730
7731 return offset;
7732 }
7733
7734 static const ber_sequence_t KrbFastResponse_sequence[] = {
7735 { &hf_kerberos_padata , BER_CLASS_CON, 0, 0, dissect_kerberos_SEQUENCE_OF_PA_DATA },
7736 { &hf_kerberos_strengthen_key, BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_T_strengthen_key },
7737 { &hf_kerberos_finished , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_KrbFastFinished },
7738 { &hf_kerberos_nonce , BER_CLASS_CON, 3, 0, dissect_kerberos_UInt32 },
7739 { NULL, 0, 0, 0, NULL }
7740 };
7741
7742 static int
7743 dissect_kerberos_KrbFastResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7744 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7745 KrbFastResponse_sequence, hf_index, ett_kerberos_KrbFastResponse);
7746
7747 return offset;
7748 }
7749
7750 static const ber_sequence_t KrbFastReq_sequence[] = {
7751 { &hf_kerberos_fast_options, BER_CLASS_CON, 0, 0, dissect_kerberos_FastOptions },
7752 { &hf_kerberos_padata , BER_CLASS_CON, 1, 0, dissect_kerberos_SEQUENCE_OF_PA_DATA },
7753 { &hf_kerberos_req_body , BER_CLASS_CON, 2, 0, dissect_kerberos_KDC_REQ_BODY },
7754 { NULL, 0, 0, 0, NULL }
7755 };
7756
7757 static int
7758 dissect_kerberos_KrbFastReq(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7759 offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
7760 KrbFastReq_sequence, hf_index, ett_kerberos_KrbFastReq);
7761
7762 return offset;
7763 }
7764
7765 static int * const FastOptions_bits[] = {
7766 &hf_kerberos_FastOptions_reserved,
7767 &hf_kerberos_FastOptions_hide_client_names,
7768 &hf_kerberos_FastOptions_spare_bit2,
7769 &hf_kerberos_FastOptions_spare_bit3,
7770 &hf_kerberos_FastOptions_spare_bit4,
7771 &hf_kerberos_FastOptions_spare_bit5,
7772 &hf_kerberos_FastOptions_spare_bit6,
7773 &hf_kerberos_FastOptions_spare_bit7,
7774 &hf_kerberos_FastOptions_spare_bit8,
7775 &hf_kerberos_FastOptions_spare_bit9,
7776 &hf_kerberos_FastOptions_spare_bit10,
7777 &hf_kerberos_FastOptions_spare_bit11,
7778 &hf_kerberos_FastOptions_spare_bit12,
7779 &hf_kerberos_FastOptions_spare_bit13,
7780 &hf_kerberos_FastOptions_spare_bit14,
7781 &hf_kerberos_FastOptions_spare_bit15,
7782 &hf_kerberos_FastOptions_kdc_follow_referrals,
7783 NULL
7784 };
7785
7786 static int
7787 dissect_kerberos_FastOptions(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
7788 offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset,
7789 FastOptions_bits, 17, hf_index, ett_kerberos_FastOptions,
7790 NULL);
7791
7792 return offset;
7793 }
7794
7795 #endif /* HAVE_KERBEROS */
7796
7797 /* Make wrappers around exported functions for now */
7798 int
7799 dissect_krb5_Checksum(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
7800 {
7801 return dissect_kerberos_Checksum(FALSE, tvb, offset, actx, tree, hf_kerberos_cksum);
7802
7803 }
7804
7805 int
7806 dissect_krb5_ctime(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
7807 {
7808 return dissect_kerberos_KerberosTime(FALSE, tvb, offset, actx, tree, hf_kerberos_ctime);
7809 }
7810
7811
7812 int
7813 dissect_krb5_cname(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
7814 {
7815 return dissect_kerberos_PrincipalName(FALSE, tvb, offset, actx, tree, hf_kerberos_cname);
7816 }
7817 int
7818 dissect_krb5_realm(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
7819 {
7820 return dissect_kerberos_Realm(FALSE, tvb, offset, actx, tree, hf_kerberos_realm);
7821 }
7822
7823 struct kerberos_display_key_state {
7824 proto_tree *tree;
7825 packet_info *pinfo;
7826 expert_field *expindex;
7827 const char *name;
7828 tvbuff_t *tvb;
7829 gint start;
7830 gint length;
7831 };
7832
7833 static void
7834 #ifdef HAVE_KERBEROS
7835 kerberos_display_key(gpointer data, gpointer userdata)
7836 #else
7837 kerberos_display_key(gpointer data _U_, gpointer userdata _U_)
7838 #endif
7839 {
7840 #ifdef HAVE_KERBEROS
7841 struct kerberos_display_key_state *state =
7842 (struct kerberos_display_key_state *)userdata;
7843 const enc_key_t *ek = (const enc_key_t *)data;
7844 proto_item *item = NULL;
7845 enc_key_t *sek = NULL;
7846
7847 item = proto_tree_add_expert_format(state->tree,
7848 state->pinfo,
7849 state->expindex,
7850 state->tvb,
7851 state->start,
7852 state->length,
7853 "%s %s keytype %d (id=%s same=%u) (%02x%02x%02x%02x...)",
7854 state->name,
7855 ek->key_origin, ek->keytype,
7856 ek->id_str, ek->num_same,
7857 ek->keyvalue[0] & 0xFF, ek->keyvalue[1] & 0xFF,
7858 ek->keyvalue[2] & 0xFF, ek->keyvalue[3] & 0xFF);
7859 if (ek->src1 != NULL) {
7860 sek = ek->src1;
7861 expert_add_info_format(state->pinfo,
7862 item,
7863 state->expindex,
7864 "SRC1 %s keytype %d (id=%s same=%u) (%02x%02x%02x%02x...)",
7865 sek->key_origin, sek->keytype,
7866 sek->id_str, sek->num_same,
7867 sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF,
7868 sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF);
7869 }
7870 if (ek->src2 != NULL) {
7871 sek = ek->src2;
7872 expert_add_info_format(state->pinfo,
7873 item,
7874 state->expindex,
7875 "SRC2 %s keytype %d (id=%s same=%u) (%02x%02x%02x%02x...)",
7876 sek->key_origin, sek->keytype,
7877 sek->id_str, sek->num_same,
7878 sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF,
7879 sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF);
7880 }
7881 sek = ek->same_list;
7882 while (sek != NULL) {
7883 expert_add_info_format(state->pinfo,
7884 item,
7885 state->expindex,
7886 "%s %s keytype %d (id=%s same=%u) (%02x%02x%02x%02x...)",
7887 state->name,
7888 sek->key_origin, sek->keytype,
7889 sek->id_str, sek->num_same,
7890 sek->keyvalue[0] & 0xFF, sek->keyvalue[1] & 0xFF,
7891 sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF);
7892 sek = sek->same_list;
7893 }
7894 #endif /* HAVE_KERBEROS */
7895 }
7896
7897 static const value_string KERB_LOGON_SUBMIT_TYPE[] = {
7898 { 2, "KerbInteractiveLogon" },
7899 { 6, "KerbSmartCardLogon" },
7900 { 7, "KerbWorkstationUnlockLogon" },
7901 { 8, "KerbSmartCardUnlockLogon" },
7902 { 9, "KerbProxyLogon" },
7903 { 10, "KerbTicketLogon" },
7904 { 11, "KerbTicketUnlockLogon" },
7905 { 12, "KerbS4ULogon" },
7906 { 13, "KerbCertificateLogon" },
7907 { 14, "KerbCertificateS4ULogon" },
7908 { 15, "KerbCertificateUnlockLogon" },
7909 { 0, NULL }
7910 };
7911
7912
7913 #define KERB_LOGON_FLAG_ALLOW_EXPIRED_TICKET 0x1
7914 #define KERB_LOGON_FLAG_REDIRECTED 0x2
7915
7916 static int* const ktl_flags_bits[] = {
7917 &hf_kerberos_KERB_TICKET_LOGON_FLAG_ALLOW_EXPIRED_TICKET,
7918 &hf_kerberos_KERB_TICKET_LOGON_FLAG_REDIRECTED,
7919 NULL
7920 };
7921
7922 int
7923 dissect_kerberos_KERB_TICKET_LOGON(tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree)
7924 {
7925 proto_item *item;
7926 proto_tree *subtree;
7927 guint32 ServiceTicketLength;
7928 guint32 TicketGrantingTicketLength;
7929 int orig_offset;
7930
7931 if (tvb_captured_length(tvb) < 32)
7932 return offset;
7933
7934 item = proto_tree_add_item(tree, hf_kerberos_KERB_TICKET_LOGON, tvb, offset, -1, ENC_NA);
7935 subtree = proto_item_add_subtree(item, ett_kerberos_KERB_TICKET_LOGON);
7936
7937 proto_tree_add_item(subtree, hf_kerberos_KERB_TICKET_LOGON_MessageType, tvb, offset, 4,
7938 ENC_LITTLE_ENDIAN);
7939 offset+=4;
7940
7941 proto_tree_add_bitmask(subtree, tvb, offset, hf_kerberos_KERB_TICKET_LOGON_Flags,
7942 ett_kerberos, ktl_flags_bits, ENC_LITTLE_ENDIAN);
7943 offset+=4;
7944
7945 ServiceTicketLength = tvb_get_letohl(tvb, offset);
7946 proto_tree_add_item(subtree, hf_kerberos_KERB_TICKET_LOGON_ServiceTicketLength, tvb,
7947 offset, 4, ENC_LITTLE_ENDIAN);
7948 offset+=4;
7949
7950 TicketGrantingTicketLength = tvb_get_letohl(tvb, offset);
7951 proto_tree_add_item(subtree, hf_kerberos_KERB_TICKET_LOGON_TicketGrantingTicketLength,
7952 tvb, offset, 4, ENC_LITTLE_ENDIAN);
7953 offset+=4;
7954
7955 /* Skip two PUCHAR of ServiceTicket and TicketGrantingTicket */
7956 offset+=16;
7957
7958 if (ServiceTicketLength == 0)
7959 return offset;
7960
7961 orig_offset = offset;
7962 offset = dissect_kerberos_Ticket(FALSE, tvb, offset, actx, subtree,
7963 hf_kerberos_KERB_TICKET_LOGON_ServiceTicket);
7964
7965 if ((unsigned)(offset-orig_offset) != ServiceTicketLength)
7966 return offset;
7967
7968 if (TicketGrantingTicketLength == 0)
7969 return offset;
7970
7971 offset = dissect_kerberos_KRB_CRED(FALSE, tvb, offset, actx, subtree,
7972 hf_kerberos_KERB_TICKET_LOGON_TicketGrantingTicket);
7973
7974 if ((unsigned)(offset-orig_offset) != ServiceTicketLength + TicketGrantingTicketLength)
7975 return offset;
7976
7977 return offset;
7978 }
7979
7980 static gint
7981 dissect_kerberos_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
7982 gboolean dci, gboolean do_col_protocol, gboolean have_rm,
7983 kerberos_callbacks *cb)
7984 {
7985 volatile int offset = 0;
7986 proto_tree *volatile kerberos_tree = NULL;
7987 proto_item *volatile item = NULL;
7988 kerberos_private_data_t *private_data = NULL;
7989 asn1_ctx_t asn1_ctx;
7990
7991 /* TCP record mark and length */
7992 guint32 krb_rm = 0;
7993 gint krb_reclen = 0;
7994
7995 gbl_do_col_info=dci;
7996
7997 if (have_rm) {
7998 krb_rm = tvb_get_ntohl(tvb, offset);
7999 krb_reclen = kerberos_rm_to_reclen(krb_rm);
8000 /*
8001 * What is a reasonable size limit?
8002 */
8003 if (krb_reclen > 10 * 1024 * 1024) {
8004 return (-1);
8005 }
8006
8007 if (do_col_protocol) {
8008 col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
8009 }
8010
8011 if (tree) {
8012 item = proto_tree_add_item(tree, proto_kerberos, tvb, 0, -1, ENC_NA);
8013 kerberos_tree = proto_item_add_subtree(item, ett_kerberos);
8014 }
8015
8016 show_krb_recordmark(kerberos_tree, tvb, offset, krb_rm);
8017 offset += 4;
8018 } else {
8019 /* Do some sanity checking here,
8020 * All krb5 packets start with a TAG class that is BER_CLASS_APP
8021 * and a tag value that is either of the values below:
8022 * If it doesn't look like kerberos, return 0 and let someone else have
8023 * a go at it.
8024 */
8025 gint8 tmp_class;
8026 gboolean tmp_pc;
8027 gint32 tmp_tag;
8028
8029 get_ber_identifier(tvb, offset, &tmp_class, &tmp_pc, &tmp_tag);
8030 if(tmp_class!=BER_CLASS_APP){
8031 return 0;
8032 }
8033 switch(tmp_tag){
8034 case KRB5_MSG_TICKET:
8035 case KRB5_MSG_AUTHENTICATOR:
8036 case KRB5_MSG_ENC_TICKET_PART:
8037 case KRB5_MSG_AS_REQ:
8038 case KRB5_MSG_AS_REP:
8039 case KRB5_MSG_TGS_REQ:
8040 case KRB5_MSG_TGS_REP:
8041 case KRB5_MSG_AP_REQ:
8042 case KRB5_MSG_AP_REP:
8043 case KRB5_MSG_ENC_AS_REP_PART:
8044 case KRB5_MSG_ENC_TGS_REP_PART:
8045 case KRB5_MSG_ENC_AP_REP_PART:
8046 case KRB5_MSG_ENC_KRB_PRIV_PART:
8047 case KRB5_MSG_ENC_KRB_CRED_PART:
8048 case KRB5_MSG_SAFE:
8049 case KRB5_MSG_PRIV:
8050 case KRB5_MSG_ERROR:
8051 break;
8052 default:
8053 return 0;
8054 }
8055 if (do_col_protocol) {
8056 col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
8057 }
8058 if (gbl_do_col_info) {
8059 col_clear(pinfo->cinfo, COL_INFO);
8060 }
8061 if (tree) {
8062 item = proto_tree_add_item(tree, proto_kerberos, tvb, 0, -1, ENC_NA);
8063 kerberos_tree = proto_item_add_subtree(item, ett_kerberos);
8064 }
8065 }
8066 asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
8067 asn1_ctx.private_data = NULL;
8068 private_data = kerberos_get_private_data(&asn1_ctx);
8069 private_data->callbacks = cb;
8070
8071 TRY {
8072 offset=dissect_kerberos_Applications(FALSE, tvb, offset, &asn1_ctx , kerberos_tree, /* hf_index */ -1);
8073 } CATCH_BOUNDS_ERRORS {
8074 RETHROW;
8075 } ENDTRY;
8076
8077 if (kerberos_tree != NULL) {
8078 struct kerberos_display_key_state display_state = {
8079 .tree = kerberos_tree,
8080 .pinfo = pinfo,
8081 .expindex = &ei_kerberos_learnt_keytype,
8082 .name = "Provides",
8083 .tvb = tvb,
8084 };
8085
8086 wmem_list_foreach(private_data->learnt_keys,
8087 kerberos_display_key,
8088 &display_state);
8089 }
8090
8091 if (kerberos_tree != NULL) {
8092 struct kerberos_display_key_state display_state = {
8093 .tree = kerberos_tree,
8094 .pinfo = pinfo,
8095 .expindex = &ei_kerberos_missing_keytype,
8096 .name = "Missing",
8097 .tvb = tvb,
8098 };
8099
8100 wmem_list_foreach(private_data->missing_keys,
8101 kerberos_display_key,
8102 &display_state);
8103 }
8104
8105 if (kerberos_tree != NULL) {
8106 struct kerberos_display_key_state display_state = {
8107 .tree = kerberos_tree,
8108 .pinfo = pinfo,
8109 .expindex = &ei_kerberos_decrypted_keytype,
8110 .name = "Used",
8111 .tvb = tvb,
8112 };
8113
8114 wmem_list_foreach(private_data->decryption_keys,
8115 kerberos_display_key,
8116 &display_state);
8117 }
8118
8119 proto_item_set_len(item, offset);
8120 return offset;
8121 }
8122
8123 /*
8124 * Display the TCP record mark.
8125 */
8126 void
8127 show_krb_recordmark(proto_tree *tree, tvbuff_t *tvb, gint start, guint32 krb_rm)
8128 {
8129 gint rec_len;
8130 proto_tree *rm_tree;
8131
8132 if (tree == NULL)
8133 return;
8134
8135 rec_len = kerberos_rm_to_reclen(krb_rm);
8136 rm_tree = proto_tree_add_subtree_format(tree, tvb, start, 4, ett_krb_recordmark, NULL,
8137 "Record Mark: %u %s", rec_len, plurality(rec_len, "byte", "bytes"));
8138 proto_tree_add_boolean(rm_tree, hf_krb_rm_reserved, tvb, start, 4, krb_rm);
8139 proto_tree_add_uint(rm_tree, hf_krb_rm_reclen, tvb, start, 4, krb_rm);
8140 }
8141
8142 gint
8143 dissect_kerberos_main(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int do_col_info, kerberos_callbacks *cb)
8144 {
8145 return (dissect_kerberos_common(tvb, pinfo, tree, do_col_info, FALSE, FALSE, cb));
8146 }
8147
8148 guint32
8149 kerberos_output_keytype(void)
8150 {
8151 return gbl_keytype;
8152 }
8153
8154 static gint
8155 dissect_kerberos_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
8156 {
8157 /* Some weird kerberos implementation apparently do krb4 on the krb5 port.
8158 Since all (except weirdo transarc krb4 stuff) use
8159 an opcode <=16 in the first byte, use this to see if it might
8160 be krb4.
8161 All krb5 commands start with an APPL tag and thus is >=0x60
8162 so if first byte is <=16 just blindly assume it is krb4 then
8163 */
8164 if(tvb_captured_length(tvb) >= 1 && tvb_get_guint8(tvb, 0)<=0x10){
8165 if(krb4_handle){
8166 gboolean res;
8167
8168 res=call_dissector_only(krb4_handle, tvb, pinfo, tree, NULL);
8169 return res;
8170 }else{
8171 return 0;
8172 }
8173 }
8174
8175
8176 return dissect_kerberos_common(tvb, pinfo, tree, TRUE, TRUE, FALSE, NULL);
8177 }
8178
8179 gint
8180 kerberos_rm_to_reclen(guint krb_rm)
8181 {
8182 return (krb_rm & KRB_RM_RECLEN);
8183 }
8184
8185 guint
8186 get_krb_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset, void *data _U_)
8187 {
8188 guint krb_rm;
8189 gint pdulen;
8190
8191 krb_rm = tvb_get_ntohl(tvb, offset);
8192 pdulen = kerberos_rm_to_reclen(krb_rm);
8193 return (pdulen + 4);
8194 }
8195 static void
8196 kerberos_prefs_apply_cb(void) {
8197 #ifdef HAVE_LIBNETTLE
8198 clear_keytab();
8199 read_keytab_file(keytab_filename);
8200 #endif
8201 }
8202
8203 static int
8204 dissect_kerberos_tcp_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
8205 {
8206 pinfo->fragmented = TRUE;
8207 if (dissect_kerberos_common(tvb, pinfo, tree, TRUE, TRUE, TRUE, NULL) < 0) {
8208 /*
8209 * The dissector failed to recognize this as a valid
8210 * Kerberos message. Mark it as a continuation packet.
8211 */
8212 col_set_str(pinfo->cinfo, COL_INFO, "Continuation");
8213 }
8214
8215 return tvb_captured_length(tvb);
8216 }
8217
8218 static int
8219 dissect_kerberos_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
8220 {
8221 col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
8222 col_clear(pinfo->cinfo, COL_INFO);
8223
8224 tcp_dissect_pdus(tvb, pinfo, tree, krb_desegment, 4, get_krb_pdu_len,
8225 dissect_kerberos_tcp_pdu, data);
8226 return tvb_captured_length(tvb);
8227 }
8228
8229 /*--- proto_register_kerberos -------------------------------------------*/
8230 void proto_register_kerberos(void) {
8231
8232 /* List of fields */
8233
8234 static hf_register_info hf[] = {
8235 { &hf_krb_rm_reserved, {
8236 "Reserved", "kerberos.rm.reserved", FT_BOOLEAN, 32,
8237 TFS(&tfs_set_notset), KRB_RM_RESERVED, "Record mark reserved bit", HFILL }},
8238 { &hf_krb_rm_reclen, {
8239 "Record Length", "kerberos.rm.length", FT_UINT32, BASE_DEC,
8240 NULL, KRB_RM_RECLEN, NULL, HFILL }},
8241 { &hf_krb_provsrv_location, {
8242 "PROVSRV Location", "kerberos.provsrv_location", FT_STRING, BASE_NONE,
8243 NULL, 0, "PacketCable PROV SRV Location", HFILL }},
8244 { &hf_krb_pw_salt,
8245 { "pw-salt", "kerberos.pw_salt", FT_BYTES, BASE_NONE,
8246 NULL, 0, NULL, HFILL }},
8247 { &hf_krb_ext_error_nt_status, /* we keep kerberos.smb.nt_status for compat reasons */
8248 { "NT Status", "kerberos.smb.nt_status", FT_UINT32, BASE_HEX,
8249 VALS(NT_errors), 0, "NT Status code", HFILL }},
8250 { &hf_krb_ext_error_reserved,
8251 { "Reserved", "kerberos.ext_error.reserved", FT_UINT32, BASE_HEX,
8252 NULL, 0, NULL, HFILL }},
8253 { &hf_krb_ext_error_flags,
8254 { "Flags", "kerberos.ext_error.flags", FT_UINT32, BASE_HEX,
8255 NULL, 0, NULL, HFILL }},
8256 { &hf_krb_address_ip, {
8257 "IP Address", "kerberos.addr_ip", FT_IPv4, BASE_NONE,
8258 NULL, 0, NULL, HFILL }},
8259 { &hf_krb_address_ipv6, {
8260 "IPv6 Address", "kerberos.addr_ipv6", FT_IPv6, BASE_NONE,
8261 NULL, 0, NULL, HFILL }},
8262 { &hf_krb_address_netbios, {
8263 "NetBIOS Address", "kerberos.addr_nb", FT_STRING, BASE_NONE,
8264 NULL, 0, "NetBIOS Address and type", HFILL }},
8265 { &hf_krb_gssapi_len, {
8266 "Length", "kerberos.gssapi.len", FT_UINT32, BASE_DEC,
8267 NULL, 0, "Length of GSSAPI Bnd field", HFILL }},
8268 { &hf_krb_gssapi_bnd, {
8269 "Bnd", "kerberos.gssapi.bdn", FT_BYTES, BASE_NONE,
8270 NULL, 0, "GSSAPI Bnd field", HFILL }},
8271 { &hf_krb_gssapi_c_flag_deleg, {
8272 "Deleg", "kerberos.gssapi.checksum.flags.deleg", FT_BOOLEAN, 32,
8273 TFS(&tfs_gss_flags_deleg), KRB5_GSS_C_DELEG_FLAG, NULL, HFILL }},
8274 { &hf_krb_gssapi_c_flag_mutual, {
8275 "Mutual", "kerberos.gssapi.checksum.flags.mutual", FT_BOOLEAN, 32,
8276 TFS(&tfs_gss_flags_mutual), KRB5_GSS_C_MUTUAL_FLAG, NULL, HFILL }},
8277 { &hf_krb_gssapi_c_flag_replay, {
8278 "Replay", "kerberos.gssapi.checksum.flags.replay", FT_BOOLEAN, 32,
8279 TFS(&tfs_gss_flags_replay), KRB5_GSS_C_REPLAY_FLAG, NULL, HFILL }},
8280 { &hf_krb_gssapi_c_flag_sequence, {
8281 "Sequence", "kerberos.gssapi.checksum.flags.sequence", FT_BOOLEAN, 32,
8282 TFS(&tfs_gss_flags_sequence), KRB5_GSS_C_SEQUENCE_FLAG, NULL, HFILL }},
8283 { &hf_krb_gssapi_c_flag_conf, {
8284 "Conf", "kerberos.gssapi.checksum.flags.conf", FT_BOOLEAN, 32,
8285 TFS(&tfs_gss_flags_conf), KRB5_GSS_C_CONF_FLAG, NULL, HFILL }},
8286 { &hf_krb_gssapi_c_flag_integ, {
8287 "Integ", "kerberos.gssapi.checksum.flags.integ", FT_BOOLEAN, 32,
8288 TFS(&tfs_gss_flags_integ), KRB5_GSS_C_INTEG_FLAG, NULL, HFILL }},
8289 { &hf_krb_gssapi_c_flag_dce_style, {
8290 "DCE-style", "kerberos.gssapi.checksum.flags.dce-style", FT_BOOLEAN, 32,
8291 TFS(&tfs_gss_flags_dce_style), KRB5_GSS_C_DCE_STYLE, NULL, HFILL }},
8292 { &hf_krb_gssapi_dlgopt, {
8293 "DlgOpt", "kerberos.gssapi.dlgopt", FT_UINT16, BASE_DEC,
8294 NULL, 0, "GSSAPI DlgOpt", HFILL }},
8295 { &hf_krb_gssapi_dlglen, {
8296 "DlgLen", "kerberos.gssapi.dlglen", FT_UINT16, BASE_DEC,
8297 NULL, 0, "GSSAPI DlgLen", HFILL }},
8298 { &hf_krb_midl_blob_len, {
8299 "Blob Length", "kerberos.midl_blob_len", FT_UINT64, BASE_DEC,
8300 NULL, 0, "Length of NDR encoded data that follows", HFILL }},
8301 { &hf_krb_midl_fill_bytes, {
8302 "Fill bytes", "kerberos.midl.fill_bytes", FT_UINT32, BASE_HEX,
8303 NULL, 0, "Just some fill bytes", HFILL }},
8304 { &hf_krb_midl_version, {
8305 "Version", "kerberos.midl.version", FT_UINT8, BASE_DEC,
8306 NULL, 0, "Version of pickling", HFILL }},
8307 { &hf_krb_midl_hdr_len, {
8308 "HDR Length", "kerberos.midl.hdr_len", FT_UINT16, BASE_DEC,
8309 NULL, 0, "Length of header", HFILL }},
8310 { &hf_krb_pac_signature_type, {
8311 "Type", "kerberos.pac.signature.type", FT_INT32, BASE_DEC,
8312 NULL, 0, "PAC Signature Type", HFILL }},
8313 { &hf_krb_pac_signature_signature, {
8314 "Signature", "kerberos.pac.signature.signature", FT_BYTES, BASE_NONE,
8315 NULL, 0, "A PAC signature blob", HFILL }},
8316 { &hf_krb_w2k_pac_entries, {
8317 "Num Entries", "kerberos.pac.entries", FT_UINT32, BASE_DEC,
8318 NULL, 0, "Number of W2k PAC entries", HFILL }},
8319 { &hf_krb_w2k_pac_version, {
8320 "Version", "kerberos.pac.version", FT_UINT32, BASE_DEC,
8321 NULL, 0, "Version of PAC structures", HFILL }},
8322 { &hf_krb_w2k_pac_type, {
8323 "Type", "kerberos.pac.type", FT_UINT32, BASE_DEC,
8324 VALS(w2k_pac_types), 0, "Type of W2k PAC entry", HFILL }},
8325 { &hf_krb_w2k_pac_size, {
8326 "Size", "kerberos.pac.size", FT_UINT32, BASE_DEC,
8327 NULL, 0, "Size of W2k PAC entry", HFILL }},
8328 { &hf_krb_w2k_pac_offset, {
8329 "Offset", "kerberos.pac.offset", FT_UINT32, BASE_DEC,
8330 NULL, 0, "Offset to W2k PAC entry", HFILL }},
8331 { &hf_krb_pac_clientid, {
8332 "ClientID", "kerberos.pac.clientid", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
8333 NULL, 0, "ClientID Timestamp", HFILL }},
8334 { &hf_krb_pac_namelen, {
8335 "Name Length", "kerberos.pac.namelen", FT_UINT16, BASE_DEC,
8336 NULL, 0, "Length of client name", HFILL }},
8337 { &hf_krb_pac_clientname, {
8338 "Name", "kerberos.pac.name", FT_STRING, BASE_NONE,
8339 NULL, 0, "Name of the Client in the PAC structure", HFILL }},
8340 { &hf_krb_pac_logon_info, {
8341 "PAC_LOGON_INFO", "kerberos.pac_logon_info", FT_BYTES, BASE_NONE,
8342 NULL, 0, "PAC_LOGON_INFO structure", HFILL }},
8343 { &hf_krb_pac_credential_data, {
8344 "PAC_CREDENTIAL_DATA", "kerberos.pac_credential_data", FT_BYTES, BASE_NONE,
8345 NULL, 0, "PAC_CREDENTIAL_DATA structure", HFILL }},
8346 { &hf_krb_pac_credential_info, {
8347 "PAC_CREDENTIAL_INFO", "kerberos.pac_credential_info", FT_BYTES, BASE_NONE,
8348 NULL, 0, "PAC_CREDENTIAL_INFO structure", HFILL }},
8349 { &hf_krb_pac_credential_info_version, {
8350 "Version", "kerberos.pac_credential_info.version", FT_UINT32, BASE_DEC,
8351 NULL, 0, NULL, HFILL }},
8352 { &hf_krb_pac_credential_info_etype, {
8353 "Etype", "kerberos.pac_credential_info.etype", FT_UINT32, BASE_DEC,
8354 NULL, 0, NULL, HFILL }},
8355 { &hf_krb_pac_server_checksum, {
8356 "PAC_SERVER_CHECKSUM", "kerberos.pac_server_checksum", FT_BYTES, BASE_NONE,
8357 NULL, 0, "PAC_SERVER_CHECKSUM structure", HFILL }},
8358 { &hf_krb_pac_privsvr_checksum, {
8359 "PAC_PRIVSVR_CHECKSUM", "kerberos.pac_privsvr_checksum", FT_BYTES, BASE_NONE,
8360 NULL, 0, "PAC_PRIVSVR_CHECKSUM structure", HFILL }},
8361 { &hf_krb_pac_client_info_type, {
8362 "PAC_CLIENT_INFO_TYPE", "kerberos.pac_client_info_type", FT_BYTES, BASE_NONE,
8363 NULL, 0, "PAC_CLIENT_INFO_TYPE structure", HFILL }},
8364 { &hf_krb_pac_s4u_delegation_info, {
8365 "PAC_S4U_DELEGATION_INFO", "kerberos.pac_s4u_delegation_info", FT_BYTES, BASE_NONE,
8366 NULL, 0, "PAC_S4U_DELEGATION_INFO structure", HFILL }},
8367 { &hf_krb_pac_upn_dns_info, {
8368 "UPN_DNS_INFO", "kerberos.pac_upn_dns_info", FT_BYTES, BASE_NONE,
8369 NULL, 0, "UPN_DNS_INFO structure", HFILL }},
8370 { &hf_krb_pac_upn_flags, {
8371 "Flags", "kerberos.pac.upn.flags", FT_UINT32, BASE_HEX,
8372 NULL, 0, "UPN flags", HFILL }},
8373 { &hf_krb_pac_upn_dns_offset, {
8374 "DNS Offset", "kerberos.pac.upn.dns_offset", FT_UINT16, BASE_DEC,
8375 NULL, 0, NULL, HFILL }},
8376 { &hf_krb_pac_upn_dns_len, {
8377 "DNS Len", "kerberos.pac.upn.dns_len", FT_UINT16, BASE_DEC,
8378 NULL, 0, NULL, HFILL }},
8379 { &hf_krb_pac_upn_upn_offset, {
8380 "UPN Offset", "kerberos.pac.upn.upn_offset", FT_UINT16, BASE_DEC,
8381 NULL, 0, NULL, HFILL }},
8382 { &hf_krb_pac_upn_upn_len, {
8383 "UPN Len", "kerberos.pac.upn.upn_len", FT_UINT16, BASE_DEC,
8384 NULL, 0, NULL, HFILL }},
8385 { &hf_krb_pac_upn_upn_name, {
8386 "UPN Name", "kerberos.pac.upn.upn_name", FT_STRING, BASE_NONE,
8387 NULL, 0, NULL, HFILL }},
8388 { &hf_krb_pac_upn_dns_name, {
8389 "DNS Name", "kerberos.pac.upn.dns_name", FT_STRING, BASE_NONE,
8390 NULL, 0, NULL, HFILL }},
8391 { &hf_krb_pac_client_claims_info, {
8392 "PAC_CLIENT_CLAIMS_INFO", "kerberos.pac_client_claims_info", FT_BYTES, BASE_NONE,
8393 NULL, 0, "PAC_CLIENT_CLAIMS_INFO structure", HFILL }},
8394 { &hf_krb_pac_device_info, {
8395 "PAC_DEVICE_INFO", "kerberos.pac_device_info", FT_BYTES, BASE_NONE,
8396 NULL, 0, "PAC_DEVICE_INFO structure", HFILL }},
8397 { &hf_krb_pac_device_claims_info, {
8398 "PAC_DEVICE_CLAIMS_INFO", "kerberos.pac_device_claims_info", FT_BYTES, BASE_NONE,
8399 NULL, 0, "PAC_DEVICE_CLAIMS_INFO structure", HFILL }},
8400 { &hf_krb_pac_ticket_checksum, {
8401 "PAC_TICKET_CHECKSUM", "kerberos.pac_ticket_checksum", FT_BYTES, BASE_NONE,
8402 NULL, 0, "PAC_TICKET_CHECKSUM structure", HFILL }},
8403 { &hf_krb_pa_supported_enctypes,
8404 { "SupportedEnctypes", "kerberos.supported_entypes",
8405 FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }},
8406 { &hf_krb_pa_supported_enctypes_des_cbc_crc,
8407 { "des-cbc-crc", "kerberos.supported_entypes.des-cbc-crc",
8408 FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00000001, NULL, HFILL }},
8409 { &hf_krb_pa_supported_enctypes_des_cbc_md5,
8410 { "des-cbc-md5", "kerberos.supported_entypes.des-cbc-md5",
8411 FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00000002, NULL, HFILL }},
8412 { &hf_krb_pa_supported_enctypes_rc4_hmac,
8413 { "rc4-hmac", "kerberos.supported_entypes.rc4-hmac",
8414 FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00000004, NULL, HFILL }},
8415 { &hf_krb_pa_supported_enctypes_aes128_cts_hmac_sha1_96,
8416 { "aes128-cts-hmac-sha1-96", "kerberos.supported_entypes.aes128-cts-hmac-sha1-96",
8417 FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00000008, NULL, HFILL }},
8418 { &hf_krb_pa_supported_enctypes_aes256_cts_hmac_sha1_96,
8419 { "aes256-cts-hmac-sha1-96", "kerberos.supported_entypes.aes256-cts-hmac-sha1-96",
8420 FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00000010, NULL, HFILL }},
8421 { &hf_krb_pa_supported_enctypes_fast_supported,
8422 { "fast-supported", "kerberos.supported_entypes.fast-supported",
8423 FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00010000, NULL, HFILL }},
8424 { &hf_krb_pa_supported_enctypes_compound_identity_supported,
8425 { "compound-identity-supported", "kerberos.supported_entypes.compound-identity-supported",
8426 FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00020000, NULL, HFILL }},
8427 { &hf_krb_pa_supported_enctypes_claims_supported,
8428 { "claims-supported", "kerberos.supported_entypes.claims-supported",
8429 FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00040000, NULL, HFILL }},
8430 { &hf_krb_pa_supported_enctypes_resource_sid_compression_disabled,
8431 { "resource-sid-compression-disabled", "kerberos.supported_entypes.resource-sid-compression-disabled",
8432 FT_BOOLEAN, 32, TFS(&tfs_supported_not_supported), 0x00080000, NULL, HFILL }},
8433 { &hf_krb_ad_ap_options,
8434 { "AD-AP-Options", "kerberos.ad_ap_options",
8435 FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL }},
8436 { &hf_krb_ad_ap_options_cbt,
8437 { "ChannelBindings", "kerberos.ad_ap_options.cbt",
8438 FT_BOOLEAN, 32, TFS(&tfs_set_notset), 0x00004000, NULL, HFILL }},
8439 { &hf_krb_ad_target_principal,
8440 { "Target Principal", "kerberos.ad_target_principal",
8441 FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }},
8442 { &hf_krb_key_hidden_item,
8443 { "KeyHiddenItem", "krb5.key_hidden_item",
8444 FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
8445 { &hf_kerberos_KERB_TICKET_LOGON,
8446 { "KERB_TICKET_LOGON", "kerberos.KERB_TICKET_LOGON",
8447 FT_NONE, BASE_NONE, NULL, 0,
8448 NULL, HFILL }},
8449 { &hf_kerberos_KERB_TICKET_LOGON_MessageType,
8450 { "MessageType", "kerberos.KERB_TICKET_LOGON.MessageType",
8451 FT_UINT32, BASE_DEC, VALS(KERB_LOGON_SUBMIT_TYPE), 0,
8452 NULL, HFILL }},
8453 { &hf_kerberos_KERB_TICKET_LOGON_Flags,
8454 { "Flags", "kerberos.KERB_TICKET_LOGON.Flags",
8455 FT_UINT32, BASE_DEC, NULL, 0,
8456 NULL, HFILL }},
8457 { &hf_kerberos_KERB_TICKET_LOGON_ServiceTicketLength,
8458 { "ServiceTicketLength", "kerberos.KERB_TICKET_LOGON.ServiceTicketLength",
8459 FT_UINT32, BASE_DEC, NULL, 0,
8460 NULL, HFILL }},
8461 { &hf_kerberos_KERB_TICKET_LOGON_TicketGrantingTicketLength,
8462 { "TicketGrantingTicketLength", "kerberos.KERB_TICKET_LOGON.TicketGrantingTicketLength",
8463 FT_UINT32, BASE_DEC, NULL, 0,
8464 NULL, HFILL }},
8465 { &hf_kerberos_KERB_TICKET_LOGON_ServiceTicket,
8466 { "ServiceTicket", "kerberos.KERB_TICKET_LOGON.ServiceTicket",
8467 FT_NONE, BASE_NONE, NULL, 0,
8468 NULL, HFILL }},
8469 { &hf_kerberos_KERB_TICKET_LOGON_TicketGrantingTicket,
8470 { "TicketGrantingTicket", "kerberos.KERB_TICKET_LOGON.TicketGrantingTicket",
8471 FT_NONE, BASE_NONE, NULL, 0,
8472 NULL, HFILL }},
8473 { &hf_kerberos_KERB_TICKET_LOGON_FLAG_ALLOW_EXPIRED_TICKET,
8474 { "allow_expired_ticket", "kerberos.KERB_TICKET_LOGON.FLAG_ALLOW_EXPIRED_TICKET",
8475 FT_BOOLEAN, 32, NULL, KERB_LOGON_FLAG_ALLOW_EXPIRED_TICKET,
8476 NULL, HFILL }},
8477 { &hf_kerberos_KERB_TICKET_LOGON_FLAG_REDIRECTED,
8478 { "redirected", "kerberos.KERB_TICKET_LOGON.FLAG_REDIRECTED",
8479 FT_BOOLEAN, 32, NULL, KERB_LOGON_FLAG_REDIRECTED,
8480 NULL, HFILL }},
8481 #ifdef HAVE_KERBEROS
8482 { &hf_kerberos_KrbFastResponse,
8483 { "KrbFastResponse", "kerberos.KrbFastResponse_element",
8484 FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
8485 { &hf_kerberos_strengthen_key,
8486 { "strengthen-key", "kerberos.strengthen_key_element",
8487 FT_NONE, BASE_NONE, NULL, 0,
8488 NULL, HFILL }},
8489 { &hf_kerberos_finished,
8490 { "finished", "kerberos.finished_element",
8491 FT_NONE, BASE_NONE, NULL, 0,
8492 "KrbFastFinished", HFILL }},
8493 { &hf_kerberos_fast_options,
8494 { "fast-options", "kerberos.fast_options",
8495 FT_BYTES, BASE_NONE, NULL, 0,
8496 "FastOptions", HFILL }},
8497 { &hf_kerberos_FastOptions_reserved,
8498 { "reserved", "kerberos.FastOptions.reserved",
8499 FT_BOOLEAN, 8, NULL, 0x80,
8500 NULL, HFILL }},
8501 { &hf_kerberos_FastOptions_hide_client_names,
8502 { "hide-client-names", "kerberos.FastOptions.hide.client.names",
8503 FT_BOOLEAN, 8, NULL, 0x40,
8504 NULL, HFILL }},
8505 { &hf_kerberos_FastOptions_spare_bit2,
8506 { "spare_bit2", "kerberos.FastOptions.spare.bit2",
8507 FT_BOOLEAN, 8, NULL, 0x20,
8508 NULL, HFILL }},
8509 { &hf_kerberos_FastOptions_spare_bit3,
8510 { "spare_bit3", "kerberos.FastOptions.spare.bit3",
8511 FT_BOOLEAN, 8, NULL, 0x10,
8512 NULL, HFILL }},
8513 { &hf_kerberos_FastOptions_spare_bit4,
8514 { "spare_bit4", "kerberos.FastOptions.spare.bit4",
8515 FT_BOOLEAN, 8, NULL, 0x08,
8516 NULL, HFILL }},
8517 { &hf_kerberos_FastOptions_spare_bit5,
8518 { "spare_bit5", "kerberos.FastOptions.spare.bit5",
8519 FT_BOOLEAN, 8, NULL, 0x04,
8520 NULL, HFILL }},
8521 { &hf_kerberos_FastOptions_spare_bit6,
8522 { "spare_bit6", "kerberos.FastOptions.spare.bit6",
8523 FT_BOOLEAN, 8, NULL, 0x02,
8524 NULL, HFILL }},
8525 { &hf_kerberos_FastOptions_spare_bit7,
8526 { "spare_bit7", "kerberos.FastOptions.spare.bit7",
8527 FT_BOOLEAN, 8, NULL, 0x01,
8528 NULL, HFILL }},
8529 { &hf_kerberos_FastOptions_spare_bit8,
8530 { "spare_bit8", "kerberos.FastOptions.spare.bit8",
8531 FT_BOOLEAN, 8, NULL, 0x80,
8532 NULL, HFILL }},
8533 { &hf_kerberos_FastOptions_spare_bit9,
8534 { "spare_bit9", "kerberos.FastOptions.spare.bit9",
8535 FT_BOOLEAN, 8, NULL, 0x40,
8536 NULL, HFILL }},
8537 { &hf_kerberos_FastOptions_spare_bit10,
8538 { "spare_bit10", "kerberos.FastOptions.spare.bit10",
8539 FT_BOOLEAN, 8, NULL, 0x20,
8540 NULL, HFILL }},
8541 { &hf_kerberos_FastOptions_spare_bit11,
8542 { "spare_bit11", "kerberos.FastOptions.spare.bit11",
8543 FT_BOOLEAN, 8, NULL, 0x10,
8544 NULL, HFILL }},
8545 { &hf_kerberos_FastOptions_spare_bit12,
8546 { "spare_bit12", "kerberos.FastOptions.spare.bit12",
8547 FT_BOOLEAN, 8, NULL, 0x08,
8548 NULL, HFILL }},
8549 { &hf_kerberos_FastOptions_spare_bit13,
8550 { "spare_bit13", "kerberos.FastOptions.spare.bit13",
8551 FT_BOOLEAN, 8, NULL, 0x04,
8552 NULL, HFILL }},
8553 { &hf_kerberos_FastOptions_spare_bit14,
8554 { "spare_bit14", "kerberos.FastOptions.spare.bit14",
8555 FT_BOOLEAN, 8, NULL, 0x02,
8556 NULL, HFILL }},
8557 { &hf_kerberos_FastOptions_spare_bit15,
8558 { "spare_bit15", "kerberos.FastOptions.spare.bit15",
8559 FT_BOOLEAN, 8, NULL, 0x01,
8560 NULL, HFILL }},
8561 { &hf_kerberos_FastOptions_kdc_follow_referrals,
8562 { "kdc-follow-referrals", "kerberos.FastOptions.kdc.follow.referrals",
8563 FT_BOOLEAN, 8, NULL, 0x80,
8564 NULL, HFILL }},
8565 { &hf_kerberos_ticket_checksum,
8566 { "ticket-checksum", "kerberos.ticket_checksum_element",
8567 FT_NONE, BASE_NONE, NULL, 0,
8568 "Checksum", HFILL }},
8569 { &hf_krb_patimestamp,
8570 { "patimestamp", "kerberos.patimestamp",
8571 FT_STRING, BASE_NONE, NULL, 0, "KerberosTime", HFILL }},
8572 { &hf_krb_pausec,
8573 { "pausec", "kerberos.pausec",
8574 FT_UINT32, BASE_DEC, NULL, 0, "Microseconds", HFILL }},
8575 #endif /* HAVE_KERBEROS */
8576
8577
8578 /*--- Included file: packet-kerberos-hfarr.c ---*/
8579 #line 1 "./asn1/kerberos/packet-kerberos-hfarr.c"
8580 { &hf_kerberos_ticket,
8581 { "ticket", "kerberos.ticket_element",
8582 FT_NONE, BASE_NONE, NULL, 0,
8583 NULL, HFILL }},
8584 { &hf_kerberos_authenticator,
8585 { "authenticator", "kerberos.authenticator_element",
8586 FT_NONE, BASE_NONE, NULL, 0,
8587 NULL, HFILL }},
8588 { &hf_kerberos_encTicketPart,
8589 { "encTicketPart", "kerberos.encTicketPart_element",
8590 FT_NONE, BASE_NONE, NULL, 0,
8591 NULL, HFILL }},
8592 { &hf_kerberos_as_req,
8593 { "as-req", "kerberos.as_req_element",
8594 FT_NONE, BASE_NONE, NULL, 0,
8595 NULL, HFILL }},
8596 { &hf_kerberos_as_rep,
8597 { "as-rep", "kerberos.as_rep_element",
8598 FT_NONE, BASE_NONE, NULL, 0,
8599 NULL, HFILL }},
8600 { &hf_kerberos_tgs_req,
8601 { "tgs-req", "kerberos.tgs_req_element",
8602 FT_NONE, BASE_NONE, NULL, 0,
8603 NULL, HFILL }},
8604 { &hf_kerberos_tgs_rep,
8605 { "tgs-rep", "kerberos.tgs_rep_element",
8606 FT_NONE, BASE_NONE, NULL, 0,
8607 NULL, HFILL }},
8608 { &hf_kerberos_ap_req,
8609 { "ap-req", "kerberos.ap_req_element",
8610 FT_NONE, BASE_NONE, NULL, 0,
8611 NULL, HFILL }},
8612 { &hf_kerberos_ap_rep,
8613 { "ap-rep", "kerberos.ap_rep_element",
8614 FT_NONE, BASE_NONE, NULL, 0,
8615 NULL, HFILL }},
8616 { &hf_kerberos_krb_safe,
8617 { "krb-safe", "kerberos.krb_safe_element",
8618 FT_NONE, BASE_NONE, NULL, 0,
8619 NULL, HFILL }},
8620 { &hf_kerberos_krb_priv,
8621 { "krb-priv", "kerberos.krb_priv_element",
8622 FT_NONE, BASE_NONE, NULL, 0,
8623 NULL, HFILL }},
8624 { &hf_kerberos_krb_cred,
8625 { "krb-cred", "kerberos.krb_cred_element",
8626 FT_NONE, BASE_NONE, NULL, 0,
8627 NULL, HFILL }},
8628 { &hf_kerberos_encASRepPart,
8629 { "encASRepPart", "kerberos.encASRepPart_element",
8630 FT_NONE, BASE_NONE, NULL, 0,
8631 NULL, HFILL }},
8632 { &hf_kerberos_encTGSRepPart,
8633 { "encTGSRepPart", "kerberos.encTGSRepPart_element",
8634 FT_NONE, BASE_NONE, NULL, 0,
8635 NULL, HFILL }},
8636 { &hf_kerberos_encAPRepPart,
8637 { "encAPRepPart", "kerberos.encAPRepPart_element",
8638 FT_NONE, BASE_NONE, NULL, 0,
8639 NULL, HFILL }},
8640 { &hf_kerberos_encKrbPrivPart,
8641 { "encKrbPrivPart", "kerberos.encKrbPrivPart_element",
8642 FT_NONE, BASE_NONE, NULL, 0,
8643 "ENC_KRB_PRIV_PART", HFILL }},
8644 { &hf_kerberos_encKrbCredPart,
8645 { "encKrbCredPart", "kerberos.encKrbCredPart_element",
8646 FT_NONE, BASE_NONE, NULL, 0,
8647 NULL, HFILL }},
8648 { &hf_kerberos_krb_error,
8649 { "krb-error", "kerberos.krb_error_element",
8650 FT_NONE, BASE_NONE, NULL, 0,
8651 NULL, HFILL }},
8652 { &hf_kerberos_name_type,
8653 { "name-type", "kerberos.name_type",
8654 FT_INT32, BASE_DEC, VALS(kerberos_NAME_TYPE_vals), 0,
8655 NULL, HFILL }},
8656 { &hf_kerberos_name_string,
8657 { "name-string", "kerberos.name_string",
8658 FT_UINT32, BASE_DEC, NULL, 0,
8659 "SEQUENCE_OF_KerberosString", HFILL }},
8660 { &hf_kerberos_name_string_item,
8661 { "KerberosString", "kerberos.KerberosString",
8662 FT_STRING, BASE_NONE, NULL, 0,
8663 NULL, HFILL }},
8664 { &hf_kerberos_cname_string,
8665 { "cname-string", "kerberos.cname_string",
8666 FT_UINT32, BASE_DEC, NULL, 0,
8667 "SEQUENCE_OF_CNameString", HFILL }},
8668 { &hf_kerberos_cname_string_item,
8669 { "CNameString", "kerberos.CNameString",
8670 FT_STRING, BASE_NONE, NULL, 0,
8671 NULL, HFILL }},
8672 { &hf_kerberos_sname_string,
8673 { "sname-string", "kerberos.sname_string",
8674 FT_UINT32, BASE_DEC, NULL, 0,
8675 "SEQUENCE_OF_SNameString", HFILL }},
8676 { &hf_kerberos_sname_string_item,
8677 { "SNameString", "kerberos.SNameString",
8678 FT_STRING, BASE_NONE, NULL, 0,
8679 NULL, HFILL }},
8680 { &hf_kerberos_addr_type,
8681 { "addr-type", "kerberos.addr_type",
8682 FT_INT32, BASE_DEC, VALS(kerberos_ADDR_TYPE_vals), 0,
8683 NULL, HFILL }},
8684 { &hf_kerberos_address,
8685 { "address", "kerberos.address",
8686 FT_BYTES, BASE_NONE, NULL, 0,
8687 NULL, HFILL }},
8688 { &hf_kerberos_HostAddresses_item,
8689 { "HostAddress", "kerberos.HostAddress_element",
8690 FT_NONE, BASE_NONE, NULL, 0,
8691 NULL, HFILL }},
8692 { &hf_kerberos_AuthorizationData_item,
8693 { "AuthorizationData item", "kerberos.AuthorizationData_item_element",
8694 FT_NONE, BASE_NONE, NULL, 0,
8695 NULL, HFILL }},
8696 { &hf_kerberos_ad_type,
8697 { "ad-type", "kerberos.ad_type",
8698 FT_INT32, BASE_DEC, VALS(kerberos_AUTHDATA_TYPE_vals), 0,
8699 "AUTHDATA_TYPE", HFILL }},
8700 { &hf_kerberos_ad_data,
8701 { "ad-data", "kerberos.ad_data",
8702 FT_BYTES, BASE_NONE, NULL, 0,
8703 NULL, HFILL }},
8704 { &hf_kerberos_padata_type,
8705 { "padata-type", "kerberos.padata_type",
8706 FT_INT32, BASE_DEC, VALS(kerberos_PADATA_TYPE_vals), 0,
8707 NULL, HFILL }},
8708 { &hf_kerberos_padata_value,
8709 { "padata-value", "kerberos.padata_value",
8710 FT_BYTES, BASE_NONE, NULL, 0,
8711 NULL, HFILL }},
8712 { &hf_kerberos_keytype,
8713 { "keytype", "kerberos.keytype",
8714 FT_INT32, BASE_DEC, NULL, 0,
8715 NULL, HFILL }},
8716 { &hf_kerberos_keyvalue,
8717 { "keyvalue", "kerberos.keyvalue",
8718 FT_BYTES, BASE_NONE, NULL, 0,
8719 NULL, HFILL }},
8720 { &hf_kerberos_cksumtype,
8721 { "cksumtype", "kerberos.cksumtype",
8722 FT_INT32, BASE_DEC, VALS(kerberos_CKSUMTYPE_vals), 0,
8723 NULL, HFILL }},
8724 { &hf_kerberos_checksum,
8725 { "checksum", "kerberos.checksum",
8726 FT_BYTES, BASE_NONE, NULL, 0,
8727 NULL, HFILL }},
8728 { &hf_kerberos_etype,
8729 { "etype", "kerberos.etype",
8730 FT_INT32, BASE_DEC, VALS(kerberos_ENCTYPE_vals), 0,
8731 "ENCTYPE", HFILL }},
8732 { &hf_kerberos_kvno,
8733 { "kvno", "kerberos.kvno",
8734 FT_UINT32, BASE_DEC, NULL, 0,
8735 "UInt32", HFILL }},
8736 { &hf_kerberos_encryptedTicketData_cipher,
8737 { "cipher", "kerberos.cipher",
8738 FT_BYTES, BASE_NONE, NULL, 0,
8739 "T_encryptedTicketData_cipher", HFILL }},
8740 { &hf_kerberos_encryptedAuthorizationData_cipher,
8741 { "cipher", "kerberos.cipher",
8742 FT_BYTES, BASE_NONE, NULL, 0,
8743 "T_encryptedAuthorizationData_cipher", HFILL }},
8744 { &hf_kerberos_encryptedAuthenticator_cipher,
8745 { "cipher", "kerberos.cipher",
8746 FT_BYTES, BASE_NONE, NULL, 0,
8747 "T_encryptedAuthenticator_cipher", HFILL }},
8748 { &hf_kerberos_encryptedKDCREPData_cipher,
8749 { "cipher", "kerberos.cipher",
8750 FT_BYTES, BASE_NONE, NULL, 0,
8751 "T_encryptedKDCREPData_cipher", HFILL }},
8752 { &hf_kerberos_encryptedAPREPData_cipher,
8753 { "cipher", "kerberos.cipher",
8754 FT_BYTES, BASE_NONE, NULL, 0,
8755 "T_encryptedAPREPData_cipher", HFILL }},
8756 { &hf_kerberos_encryptedKrbPrivData_cipher,
8757 { "cipher", "kerberos.cipher",
8758 FT_BYTES, BASE_NONE, NULL, 0,
8759 "T_encryptedKrbPrivData_cipher", HFILL }},
8760 { &hf_kerberos_encryptedKrbCredData_cipher,
8761 { "cipher", "kerberos.cipher",
8762 FT_BYTES, BASE_NONE, NULL, 0,
8763 "T_encryptedKrbCredData_cipher", HFILL }},
8764 { &hf_kerberos_tkt_vno,
8765 { "tkt-vno", "kerberos.tkt_vno",
8766 FT_UINT32, BASE_DEC, NULL, 0,
8767 "INTEGER_5", HFILL }},
8768 { &hf_kerberos_realm,
8769 { "realm", "kerberos.realm",
8770 FT_STRING, BASE_NONE, NULL, 0,
8771 NULL, HFILL }},
8772 { &hf_kerberos_sname,
8773 { "sname", "kerberos.sname_element",
8774 FT_NONE, BASE_NONE, NULL, 0,
8775 NULL, HFILL }},
8776 { &hf_kerberos_ticket_enc_part,
8777 { "enc-part", "kerberos.enc_part_element",
8778 FT_NONE, BASE_NONE, NULL, 0,
8779 "EncryptedTicketData", HFILL }},
8780 { &hf_kerberos_flags,
8781 { "flags", "kerberos.flags",
8782 FT_BYTES, BASE_NONE, NULL, 0,
8783 "TicketFlags", HFILL }},
8784 { &hf_kerberos_encTicketPart_key,
8785 { "key", "kerberos.key_element",
8786 FT_NONE, BASE_NONE, NULL, 0,
8787 "T_encTicketPart_key", HFILL }},
8788 { &hf_kerberos_crealm,
8789 { "crealm", "kerberos.crealm",
8790 FT_STRING, BASE_NONE, NULL, 0,
8791 "Realm", HFILL }},
8792 { &hf_kerberos_cname,
8793 { "cname", "kerberos.cname_element",
8794 FT_NONE, BASE_NONE, NULL, 0,
8795 NULL, HFILL }},
8796 { &hf_kerberos_transited,
8797 { "transited", "kerberos.transited_element",
8798 FT_NONE, BASE_NONE, NULL, 0,
8799 "TransitedEncoding", HFILL }},
8800 { &hf_kerberos_authtime,
8801 { "authtime", "kerberos.authtime",
8802 FT_STRING, BASE_NONE, NULL, 0,
8803 "KerberosTime", HFILL }},
8804 { &hf_kerberos_starttime,
8805 { "starttime", "kerberos.starttime",
8806 FT_STRING, BASE_NONE, NULL, 0,
8807 "KerberosTime", HFILL }},
8808 { &hf_kerberos_endtime,
8809 { "endtime", "kerberos.endtime",
8810 FT_STRING, BASE_NONE, NULL, 0,
8811 "KerberosTime", HFILL }},
8812 { &hf_kerberos_renew_till,
8813 { "renew-till", "kerberos.renew_till",
8814 FT_STRING, BASE_NONE, NULL, 0,
8815 "KerberosTime", HFILL }},
8816 { &hf_kerberos_caddr,
8817 { "caddr", "kerberos.caddr",
8818 FT_UINT32, BASE_DEC, NULL, 0,
8819 "HostAddresses", HFILL }},
8820 { &hf_kerberos_authorization_data,
8821 { "authorization-data", "kerberos.authorization_data",
8822 FT_UINT32, BASE_DEC, NULL, 0,
8823 "AuthorizationData", HFILL }},
8824 { &hf_kerberos_tr_type,
8825 { "tr-type", "kerberos.tr_type",
8826 FT_INT32, BASE_DEC, NULL, 0,
8827 "Int32", HFILL }},
8828 { &hf_kerberos_contents,
8829 { "contents", "kerberos.contents",
8830 FT_BYTES, BASE_NONE, NULL, 0,
8831 "OCTET_STRING", HFILL }},
8832 { &hf_kerberos_pvno,
8833 { "pvno", "kerberos.pvno",
8834 FT_UINT32, BASE_DEC, NULL, 0,
8835 "INTEGER_5", HFILL }},
8836 { &hf_kerberos_msg_type,
8837 { "msg-type", "kerberos.msg_type",
8838 FT_INT32, BASE_DEC, VALS(kerberos_MESSAGE_TYPE_vals), 0,
8839 "MESSAGE_TYPE", HFILL }},
8840 { &hf_kerberos_padata,
8841 { "padata", "kerberos.padata",
8842 FT_UINT32, BASE_DEC, NULL, 0,
8843 "SEQUENCE_OF_PA_DATA", HFILL }},
8844 { &hf_kerberos_padata_item,
8845 { "PA-DATA", "kerberos.PA_DATA_element",
8846 FT_NONE, BASE_NONE, NULL, 0,
8847 NULL, HFILL }},
8848 { &hf_kerberos_req_body,
8849 { "req-body", "kerberos.req_body_element",
8850 FT_NONE, BASE_NONE, NULL, 0,
8851 "KDC_REQ_BODY", HFILL }},
8852 { &hf_kerberos_kdc_options,
8853 { "kdc-options", "kerberos.kdc_options",
8854 FT_BYTES, BASE_NONE, NULL, 0,
8855 "KDCOptions", HFILL }},
8856 { &hf_kerberos_from,
8857 { "from", "kerberos.from",
8858 FT_STRING, BASE_NONE, NULL, 0,
8859 "KerberosTime", HFILL }},
8860 { &hf_kerberos_till,
8861 { "till", "kerberos.till",
8862 FT_STRING, BASE_NONE, NULL, 0,
8863 "KerberosTime", HFILL }},
8864 { &hf_kerberos_rtime,
8865 { "rtime", "kerberos.rtime",
8866 FT_STRING, BASE_NONE, NULL, 0,
8867 "KerberosTime", HFILL }},
8868 { &hf_kerberos_nonce,
8869 { "nonce", "kerberos.nonce",
8870 FT_UINT32, BASE_DEC, NULL, 0,
8871 "UInt32", HFILL }},
8872 { &hf_kerberos_kDC_REQ_BODY_etype,
8873 { "etype", "kerberos.kdc-req-body.etype",
8874 FT_UINT32, BASE_DEC, NULL, 0,
8875 "SEQUENCE_OF_ENCTYPE", HFILL }},
8876 { &hf_kerberos_kDC_REQ_BODY_etype_item,
8877 { "ENCTYPE", "kerberos.ENCTYPE",
8878 FT_INT32, BASE_DEC, VALS(kerberos_ENCTYPE_vals), 0,
8879 NULL, HFILL }},
8880 { &hf_kerberos_addresses,
8881 { "addresses", "kerberos.addresses",
8882 FT_UINT32, BASE_DEC, NULL, 0,
8883 "HostAddresses", HFILL }},
8884 { &hf_kerberos_enc_authorization_data,
8885 { "enc-authorization-data", "kerberos.enc_authorization_data_element",
8886 FT_NONE, BASE_NONE, NULL, 0,
8887 "EncryptedAuthorizationData", HFILL }},
8888 { &hf_kerberos_additional_tickets,
8889 { "additional-tickets", "kerberos.additional_tickets",
8890 FT_UINT32, BASE_DEC, NULL, 0,
8891 "SEQUENCE_OF_Ticket", HFILL }},
8892 { &hf_kerberos_additional_tickets_item,
8893 { "Ticket", "kerberos.Ticket_element",
8894 FT_NONE, BASE_NONE, NULL, 0,
8895 NULL, HFILL }},
8896 { &hf_kerberos_kDC_REP_enc_part,
8897 { "enc-part", "kerberos.enc_part_element",
8898 FT_NONE, BASE_NONE, NULL, 0,
8899 "EncryptedKDCREPData", HFILL }},
8900 { &hf_kerberos_encKDCRepPart_key,
8901 { "key", "kerberos.key_element",
8902 FT_NONE, BASE_NONE, NULL, 0,
8903 "T_encKDCRepPart_key", HFILL }},
8904 { &hf_kerberos_last_req,
8905 { "last-req", "kerberos.last_req",
8906 FT_UINT32, BASE_DEC, NULL, 0,
8907 "LastReq", HFILL }},
8908 { &hf_kerberos_key_expiration,
8909 { "key-expiration", "kerberos.key_expiration",
8910 FT_STRING, BASE_NONE, NULL, 0,
8911 "KerberosTime", HFILL }},
8912 { &hf_kerberos_srealm,
8913 { "srealm", "kerberos.srealm",
8914 FT_STRING, BASE_NONE, NULL, 0,
8915 "Realm", HFILL }},
8916 { &hf_kerberos_encrypted_pa_data,
8917 { "encrypted-pa-data", "kerberos.encrypted_pa_data",
8918 FT_UINT32, BASE_DEC, NULL, 0,
8919 NULL, HFILL }},
8920 { &hf_kerberos_LastReq_item,
8921 { "LastReq item", "kerberos.LastReq_item_element",
8922 FT_NONE, BASE_NONE, NULL, 0,
8923 NULL, HFILL }},
8924 { &hf_kerberos_lr_type,
8925 { "lr-type", "kerberos.lr_type",
8926 FT_INT32, BASE_DEC, VALS(kerberos_LR_TYPE_vals), 0,
8927 NULL, HFILL }},
8928 { &hf_kerberos_lr_value,
8929 { "lr-value", "kerberos.lr_value",
8930 FT_STRING, BASE_NONE, NULL, 0,
8931 "KerberosTime", HFILL }},
8932 { &hf_kerberos_ap_options,
8933 { "ap-options", "kerberos.ap_options",
8934 FT_BYTES, BASE_NONE, NULL, 0,
8935 "APOptions", HFILL }},
8936 { &hf_kerberos_authenticator_enc_part,
8937 { "authenticator", "kerberos.authenticator_element",
8938 FT_NONE, BASE_NONE, NULL, 0,
8939 "EncryptedAuthenticator", HFILL }},
8940 { &hf_kerberos_authenticator_vno,
8941 { "authenticator-vno", "kerberos.authenticator_vno",
8942 FT_UINT32, BASE_DEC, NULL, 0,
8943 "INTEGER_5", HFILL }},
8944 { &hf_kerberos_cksum,
8945 { "cksum", "kerberos.cksum_element",
8946 FT_NONE, BASE_NONE, NULL, 0,
8947 "Checksum", HFILL }},
8948 { &hf_kerberos_cusec,
8949 { "cusec", "kerberos.cusec",
8950 FT_UINT32, BASE_DEC, NULL, 0,
8951 "Microseconds", HFILL }},
8952 { &hf_kerberos_ctime,
8953 { "ctime", "kerberos.ctime",
8954 FT_STRING, BASE_NONE, NULL, 0,
8955 "KerberosTime", HFILL }},
8956 { &hf_kerberos_authenticator_subkey,
8957 { "subkey", "kerberos.subkey_element",
8958 FT_NONE, BASE_NONE, NULL, 0,
8959 "T_authenticator_subkey", HFILL }},
8960 { &hf_kerberos_seq_number,
8961 { "seq-number", "kerberos.seq_number",
8962 FT_UINT32, BASE_DEC, NULL, 0,
8963 "UInt32", HFILL }},
8964 { &hf_kerberos_aP_REP_enc_part,
8965 { "enc-part", "kerberos.enc_part_element",
8966 FT_NONE, BASE_NONE, NULL, 0,
8967 "EncryptedAPREPData", HFILL }},
8968 { &hf_kerberos_encAPRepPart_subkey,
8969 { "subkey", "kerberos.subkey_element",
8970 FT_NONE, BASE_NONE, NULL, 0,
8971 "T_encAPRepPart_subkey", HFILL }},
8972 { &hf_kerberos_safe_body,
8973 { "safe-body", "kerberos.safe_body_element",
8974 FT_NONE, BASE_NONE, NULL, 0,
8975 "KRB_SAFE_BODY", HFILL }},
8976 { &hf_kerberos_kRB_SAFE_BODY_user_data,
8977 { "user-data", "kerberos.user_data",
8978 FT_BYTES, BASE_NONE, NULL, 0,
8979 "T_kRB_SAFE_BODY_user_data", HFILL }},
8980 { &hf_kerberos_timestamp,
8981 { "timestamp", "kerberos.timestamp",
8982 FT_STRING, BASE_NONE, NULL, 0,
8983 "KerberosTime", HFILL }},
8984 { &hf_kerberos_usec,
8985 { "usec", "kerberos.usec",
8986 FT_UINT32, BASE_DEC, NULL, 0,
8987 "Microseconds", HFILL }},
8988 { &hf_kerberos_s_address,
8989 { "s-address", "kerberos.s_address_element",
8990 FT_NONE, BASE_NONE, NULL, 0,
8991 "HostAddress", HFILL }},
8992 { &hf_kerberos_r_address,
8993 { "r-address", "kerberos.r_address_element",
8994 FT_NONE, BASE_NONE, NULL, 0,
8995 "HostAddress", HFILL }},
8996 { &hf_kerberos_kRB_PRIV_enc_part,
8997 { "enc-part", "kerberos.enc_part_element",
8998 FT_NONE, BASE_NONE, NULL, 0,
8999 "EncryptedKrbPrivData", HFILL }},
9000 { &hf_kerberos_encKrbPrivPart_user_data,
9001 { "user-data", "kerberos.user_data",
9002 FT_BYTES, BASE_NONE, NULL, 0,
9003 "T_encKrbPrivPart_user_data", HFILL }},
9004 { &hf_kerberos_tickets,
9005 { "tickets", "kerberos.tickets",
9006 FT_UINT32, BASE_DEC, NULL, 0,
9007 "SEQUENCE_OF_Ticket", HFILL }},
9008 { &hf_kerberos_tickets_item,
9009 { "Ticket", "kerberos.Ticket_element",
9010 FT_NONE, BASE_NONE, NULL, 0,
9011 NULL, HFILL }},
9012 { &hf_kerberos_kRB_CRED_enc_part,
9013 { "enc-part", "kerberos.enc_part_element",
9014 FT_NONE, BASE_NONE, NULL, 0,
9015 "EncryptedKrbCredData", HFILL }},
9016 { &hf_kerberos_ticket_info,
9017 { "ticket-info", "kerberos.ticket_info",
9018 FT_UINT32, BASE_DEC, NULL, 0,
9019 "SEQUENCE_OF_KrbCredInfo", HFILL }},
9020 { &hf_kerberos_ticket_info_item,
9021 { "KrbCredInfo", "kerberos.KrbCredInfo_element",
9022 FT_NONE, BASE_NONE, NULL, 0,
9023 NULL, HFILL }},
9024 { &hf_kerberos_krbCredInfo_key,
9025 { "key", "kerberos.key_element",
9026 FT_NONE, BASE_NONE, NULL, 0,
9027 "T_krbCredInfo_key", HFILL }},
9028 { &hf_kerberos_prealm,
9029 { "prealm", "kerberos.prealm",
9030 FT_STRING, BASE_NONE, NULL, 0,
9031 "Realm", HFILL }},
9032 { &hf_kerberos_pname,
9033 { "pname", "kerberos.pname_element",
9034 FT_NONE, BASE_NONE, NULL, 0,
9035 "PrincipalName", HFILL }},
9036 { &hf_kerberos_stime,
9037 { "stime", "kerberos.stime",
9038 FT_STRING, BASE_NONE, NULL, 0,
9039 "KerberosTime", HFILL }},
9040 { &hf_kerberos_susec,
9041 { "susec", "kerberos.susec",
9042 FT_UINT32, BASE_DEC, NULL, 0,
9043 "Microseconds", HFILL }},
9044 { &hf_kerberos_error_code,
9045 { "error-code", "kerberos.error_code",
9046 FT_INT32, BASE_DEC, VALS(kerberos_ERROR_CODE_vals), 0,
9047 NULL, HFILL }},
9048 { &hf_kerberos_e_text,
9049 { "e-text", "kerberos.e_text",
9050 FT_STRING, BASE_NONE, NULL, 0,
9051 "KerberosString", HFILL }},
9052 { &hf_kerberos_e_data,
9053 { "e-data", "kerberos.e_data",
9054 FT_BYTES, BASE_NONE, NULL, 0,
9055 NULL, HFILL }},
9056 { &hf_kerberos_e_checksum,
9057 { "e-checksum", "kerberos.e_checksum_element",
9058 FT_NONE, BASE_NONE, NULL, 0,
9059 "Checksum", HFILL }},
9060 { &hf_kerberos_METHOD_DATA_item,
9061 { "PA-DATA", "kerberos.PA_DATA_element",
9062 FT_NONE, BASE_NONE, NULL, 0,
9063 NULL, HFILL }},
9064 { &hf_kerberos_pA_ENC_TIMESTAMP_cipher,
9065 { "cipher", "kerberos.cipher",
9066 FT_BYTES, BASE_NONE, NULL, 0,
9067 "T_pA_ENC_TIMESTAMP_cipher", HFILL }},
9068 { &hf_kerberos_info_salt,
9069 { "salt", "kerberos.info_salt",
9070 FT_BYTES, BASE_NONE, NULL, 0,
9071 "OCTET_STRING", HFILL }},
9072 { &hf_kerberos_ETYPE_INFO_item,
9073 { "ETYPE-INFO-ENTRY", "kerberos.ETYPE_INFO_ENTRY_element",
9074 FT_NONE, BASE_NONE, NULL, 0,
9075 NULL, HFILL }},
9076 { &hf_kerberos_info2_salt,
9077 { "salt", "kerberos.info2_salt",
9078 FT_STRING, BASE_NONE, NULL, 0,
9079 "KerberosString", HFILL }},
9080 { &hf_kerberos_s2kparams,
9081 { "s2kparams", "kerberos.s2kparams",
9082 FT_BYTES, BASE_NONE, NULL, 0,
9083 "OCTET_STRING", HFILL }},
9084 { &hf_kerberos_ETYPE_INFO2_item,
9085 { "ETYPE-INFO2-ENTRY", "kerberos.ETYPE_INFO2_ENTRY_element",
9086 FT_NONE, BASE_NONE, NULL, 0,
9087 NULL, HFILL }},
9088 { &hf_kerberos_server_name,
9089 { "server-name", "kerberos.server_name_element",
9090 FT_NONE, BASE_NONE, NULL, 0,
9091 "PrincipalName", HFILL }},
9092 { &hf_kerberos_include_pac,
9093 { "include-pac", "kerberos.include_pac",
9094 FT_BOOLEAN, BASE_NONE, NULL, 0,
9095 "BOOLEAN", HFILL }},
9096 { &hf_kerberos_name,
9097 { "name", "kerberos.name_element",
9098 FT_NONE, BASE_NONE, NULL, 0,
9099 "PrincipalName", HFILL }},
9100 { &hf_kerberos_auth,
9101 { "auth", "kerberos.auth",
9102 FT_STRING, BASE_NONE, NULL, 0,
9103 "GeneralString", HFILL }},
9104 { &hf_kerberos_user_id,
9105 { "user-id", "kerberos.user_id_element",
9106 FT_NONE, BASE_NONE, NULL, 0,
9107 "S4UUserID", HFILL }},
9108 { &hf_kerberos_checksum_01,
9109 { "checksum", "kerberos.checksum_element",
9110 FT_NONE, BASE_NONE, NULL, 0,
9111 NULL, HFILL }},
9112 { &hf_kerberos_cname_01,
9113 { "cname", "kerberos.cname_element",
9114 FT_NONE, BASE_NONE, NULL, 0,
9115 "PrincipalName", HFILL }},
9116 { &hf_kerberos_subject_certificate,
9117 { "subject-certificate", "kerberos.subject_certificate",
9118 FT_BYTES, BASE_NONE, NULL, 0,
9119 "T_subject_certificate", HFILL }},
9120 { &hf_kerberos_options,
9121 { "options", "kerberos.options",
9122 FT_BYTES, BASE_NONE, NULL, 0,
9123 "BIT_STRING", HFILL }},
9124 { &hf_kerberos_flags_01,
9125 { "flags", "kerberos.flags",
9126 FT_BYTES, BASE_NONE, NULL, 0,
9127 "PAC_OPTIONS_FLAGS", HFILL }},
9128 { &hf_kerberos_restriction_type,
9129 { "restriction-type", "kerberos.restriction_type",
9130 FT_INT32, BASE_DEC, NULL, 0,
9131 "Int32", HFILL }},
9132 { &hf_kerberos_restriction,
9133 { "restriction", "kerberos.restriction",
9134 FT_BYTES, BASE_NONE, NULL, 0,
9135 "OCTET_STRING", HFILL }},
9136 { &hf_kerberos_PA_KERB_KEY_LIST_REQ_item,
9137 { "ENCTYPE", "kerberos.ENCTYPE",
9138 FT_INT32, BASE_DEC, VALS(kerberos_ENCTYPE_vals), 0,
9139 NULL, HFILL }},
9140 { &hf_kerberos_kerbKeyListRep_key,
9141 { "key", "kerberos.kerbKeyListRep.key_element",
9142 FT_NONE, BASE_NONE, NULL, 0,
9143 "PA_KERB_KEY_LIST_REP_item", HFILL }},
9144 { &hf_kerberos_newpasswd,
9145 { "newpasswd", "kerberos.newpasswd",
9146 FT_BYTES, BASE_NONE, NULL, 0,
9147 "OCTET_STRING", HFILL }},
9148 { &hf_kerberos_targname,
9149 { "targname", "kerberos.targname_element",
9150 FT_NONE, BASE_NONE, NULL, 0,
9151 "PrincipalName", HFILL }},
9152 { &hf_kerberos_targrealm,
9153 { "targrealm", "kerberos.targrealm",
9154 FT_STRING, BASE_NONE, NULL, 0,
9155 "Realm", HFILL }},
9156 { &hf_kerberos_pa_type,
9157 { "pa-type", "kerberos.pa_type",
9158 FT_INT32, BASE_DEC, VALS(kerberos_PADATA_TYPE_vals), 0,
9159 "PADATA_TYPE", HFILL }},
9160 { &hf_kerberos_pa_hint,
9161 { "pa-hint", "kerberos.pa_hint",
9162 FT_BYTES, BASE_NONE, NULL, 0,
9163 "OCTET_STRING", HFILL }},
9164 { &hf_kerberos_pa_value,
9165 { "pa-value", "kerberos.pa_value",
9166 FT_BYTES, BASE_NONE, NULL, 0,
9167 "OCTET_STRING", HFILL }},
9168 { &hf_kerberos_armor_type,
9169 { "armor-type", "kerberos.armor_type",
9170 FT_INT32, BASE_DEC, VALS(kerberos_KrbFastArmorTypes_vals), 0,
9171 "KrbFastArmorTypes", HFILL }},
9172 { &hf_kerberos_armor_value,
9173 { "armor-value", "kerberos.armor_value",
9174 FT_BYTES, BASE_NONE, NULL, 0,
9175 NULL, HFILL }},
9176 { &hf_kerberos_armored_data_request,
9177 { "armored-data", "kerberos.armored_data_element",
9178 FT_NONE, BASE_NONE, NULL, 0,
9179 "KrbFastArmoredReq", HFILL }},
9180 { &hf_kerberos_encryptedKrbFastReq_cipher,
9181 { "cipher", "kerberos.cipher",
9182 FT_BYTES, BASE_NONE, NULL, 0,
9183 "T_encryptedKrbFastReq_cipher", HFILL }},
9184 { &hf_kerberos_armor,
9185 { "armor", "kerberos.armor_element",
9186 FT_NONE, BASE_NONE, NULL, 0,
9187 "KrbFastArmor", HFILL }},
9188 { &hf_kerberos_req_checksum,
9189 { "req-checksum", "kerberos.req_checksum_element",
9190 FT_NONE, BASE_NONE, NULL, 0,
9191 "Checksum", HFILL }},
9192 { &hf_kerberos_enc_fast_req,
9193 { "enc-fast-req", "kerberos.enc_fast_req_element",
9194 FT_NONE, BASE_NONE, NULL, 0,
9195 "EncryptedKrbFastReq", HFILL }},
9196 { &hf_kerberos_armored_data_reply,
9197 { "armored-data", "kerberos.armored_data_element",
9198 FT_NONE, BASE_NONE, NULL, 0,
9199 "KrbFastArmoredRep", HFILL }},
9200 { &hf_kerberos_encryptedKrbFastResponse_cipher,
9201 { "cipher", "kerberos.cipher",
9202 FT_BYTES, BASE_NONE, NULL, 0,
9203 "T_encryptedKrbFastResponse_cipher", HFILL }},
9204 { &hf_kerberos_enc_fast_rep,
9205 { "enc-fast-rep", "kerberos.enc_fast_rep_element",
9206 FT_NONE, BASE_NONE, NULL, 0,
9207 "EncryptedKrbFastResponse", HFILL }},
9208 { &hf_kerberos_encryptedChallenge_cipher,
9209 { "cipher", "kerberos.cipher",
9210 FT_BYTES, BASE_NONE, NULL, 0,
9211 "T_encryptedChallenge_cipher", HFILL }},
9212 { &hf_kerberos_cipher,
9213 { "cipher", "kerberos.cipher",
9214 FT_BYTES, BASE_NONE, NULL, 0,
9215 "OCTET_STRING", HFILL }},
9216 { &hf_kerberos_groups,
9217 { "groups", "kerberos.groups",
9218 FT_UINT32, BASE_DEC, NULL, 0,
9219 "SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup", HFILL }},
9220 { &hf_kerberos_groups_item,
9221 { "SPAKEGroup", "kerberos.SPAKEGroup",
9222 FT_INT32, BASE_DEC, VALS(kerberos_SPAKEGroup_vals), 0,
9223 NULL, HFILL }},
9224 { &hf_kerberos_group,
9225 { "group", "kerberos.group",
9226 FT_INT32, BASE_DEC, VALS(kerberos_SPAKEGroup_vals), 0,
9227 "SPAKEGroup", HFILL }},
9228 { &hf_kerberos_pubkey,
9229 { "pubkey", "kerberos.pubkey",
9230 FT_BYTES, BASE_NONE, NULL, 0,
9231 "OCTET_STRING", HFILL }},
9232 { &hf_kerberos_factors,
9233 { "factors", "kerberos.factors",
9234 FT_UINT32, BASE_DEC, NULL, 0,
9235 "SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor", HFILL }},
9236 { &hf_kerberos_factors_item,
9237 { "SPAKESecondFactor", "kerberos.SPAKESecondFactor_element",
9238 FT_NONE, BASE_NONE, NULL, 0,
9239 NULL, HFILL }},
9240 { &hf_kerberos_type,
9241 { "type", "kerberos.type",
9242 FT_INT32, BASE_DEC, VALS(kerberos_SPAKESecondFactorType_vals), 0,
9243 "SPAKESecondFactorType", HFILL }},
9244 { &hf_kerberos_data,
9245 { "data", "kerberos.data",
9246 FT_BYTES, BASE_NONE, NULL, 0,
9247 "OCTET_STRING", HFILL }},
9248 { &hf_kerberos_factor,
9249 { "factor", "kerberos.factor_element",
9250 FT_NONE, BASE_NONE, NULL, 0,
9251 "EncryptedSpakeResponseData", HFILL }},
9252 { &hf_kerberos_support,
9253 { "support", "kerberos.support_element",
9254 FT_NONE, BASE_NONE, NULL, 0,
9255 "SPAKESupport", HFILL }},
9256 { &hf_kerberos_challenge,
9257 { "challenge", "kerberos.challenge_element",
9258 FT_NONE, BASE_NONE, NULL, 0,
9259 "SPAKEChallenge", HFILL }},
9260 { &hf_kerberos_response,
9261 { "response", "kerberos.response_element",
9262 FT_NONE, BASE_NONE, NULL, 0,
9263 "SPAKEResponse", HFILL }},
9264 { &hf_kerberos_encdata,
9265 { "encdata", "kerberos.encdata_element",
9266 FT_NONE, BASE_NONE, NULL, 0,
9267 "EncryptedSpakeData", HFILL }},
9268 { &hf_kerberos_APOptions_reserved,
9269 { "reserved", "kerberos.APOptions.reserved",
9270 FT_BOOLEAN, 8, NULL, 0x80,
9271 NULL, HFILL }},
9272 { &hf_kerberos_APOptions_use_session_key,
9273 { "use-session-key", "kerberos.APOptions.use.session.key",
9274 FT_BOOLEAN, 8, NULL, 0x40,
9275 NULL, HFILL }},
9276 { &hf_kerberos_APOptions_mutual_required,
9277 { "mutual-required", "kerberos.APOptions.mutual.required",
9278 FT_BOOLEAN, 8, NULL, 0x20,
9279 NULL, HFILL }},
9280 { &hf_kerberos_TicketFlags_reserved,
9281 { "reserved", "kerberos.TicketFlags.reserved",
9282 FT_BOOLEAN, 8, NULL, 0x80,
9283 NULL, HFILL }},
9284 { &hf_kerberos_TicketFlags_forwardable,
9285 { "forwardable", "kerberos.TicketFlags.forwardable",
9286 FT_BOOLEAN, 8, NULL, 0x40,
9287 NULL, HFILL }},
9288 { &hf_kerberos_TicketFlags_forwarded,
9289 { "forwarded", "kerberos.TicketFlags.forwarded",
9290 FT_BOOLEAN, 8, NULL, 0x20,
9291 NULL, HFILL }},
9292 { &hf_kerberos_TicketFlags_proxiable,
9293 { "proxiable", "kerberos.TicketFlags.proxiable",
9294 FT_BOOLEAN, 8, NULL, 0x10,
9295 NULL, HFILL }},
9296 { &hf_kerberos_TicketFlags_proxy,
9297 { "proxy", "kerberos.TicketFlags.proxy",
9298 FT_BOOLEAN, 8, NULL, 0x08,
9299 NULL, HFILL }},
9300 { &hf_kerberos_TicketFlags_may_postdate,
9301 { "may-postdate", "kerberos.TicketFlags.may.postdate",
9302 FT_BOOLEAN, 8, NULL, 0x04,
9303 NULL, HFILL }},
9304 { &hf_kerberos_TicketFlags_postdated,
9305 { "postdated", "kerberos.TicketFlags.postdated",
9306 FT_BOOLEAN, 8, NULL, 0x02,
9307 NULL, HFILL }},
9308 { &hf_kerberos_TicketFlags_invalid,
9309 { "invalid", "kerberos.TicketFlags.invalid",
9310 FT_BOOLEAN, 8, NULL, 0x01,
9311 NULL, HFILL }},
9312 { &hf_kerberos_TicketFlags_renewable,
9313 { "renewable", "kerberos.TicketFlags.renewable",
9314 FT_BOOLEAN, 8, NULL, 0x80,
9315 NULL, HFILL }},
9316 { &hf_kerberos_TicketFlags_initial,
9317 { "initial", "kerberos.TicketFlags.initial",
9318 FT_BOOLEAN, 8, NULL, 0x40,
9319 NULL, HFILL }},
9320 { &hf_kerberos_TicketFlags_pre_authent,
9321 { "pre-authent", "kerberos.TicketFlags.pre.authent",
9322 FT_BOOLEAN, 8, NULL, 0x20,
9323 NULL, HFILL }},
9324 { &hf_kerberos_TicketFlags_hw_authent,
9325 { "hw-authent", "kerberos.TicketFlags.hw.authent",
9326 FT_BOOLEAN, 8, NULL, 0x10,
9327 NULL, HFILL }},
9328 { &hf_kerberos_TicketFlags_transited_policy_checked,
9329 { "transited-policy-checked", "kerberos.TicketFlags.transited.policy.checked",
9330 FT_BOOLEAN, 8, NULL, 0x08,
9331 NULL, HFILL }},
9332 { &hf_kerberos_TicketFlags_ok_as_delegate,
9333 { "ok-as-delegate", "kerberos.TicketFlags.ok.as.delegate",
9334 FT_BOOLEAN, 8, NULL, 0x04,
9335 NULL, HFILL }},
9336 { &hf_kerberos_TicketFlags_unused,
9337 { "unused", "kerberos.TicketFlags.unused",
9338 FT_BOOLEAN, 8, NULL, 0x02,
9339 NULL, HFILL }},
9340 { &hf_kerberos_TicketFlags_enc_pa_rep,
9341 { "enc-pa-rep", "kerberos.TicketFlags.enc.pa.rep",
9342 FT_BOOLEAN, 8, NULL, 0x01,
9343 NULL, HFILL }},
9344 { &hf_kerberos_TicketFlags_anonymous,
9345 { "anonymous", "kerberos.TicketFlags.anonymous",
9346 FT_BOOLEAN, 8, NULL, 0x80,
9347 NULL, HFILL }},
9348 { &hf_kerberos_KDCOptions_reserved,
9349 { "reserved", "kerberos.KDCOptions.reserved",
9350 FT_BOOLEAN, 8, NULL, 0x80,
9351 NULL, HFILL }},
9352 { &hf_kerberos_KDCOptions_forwardable,
9353 { "forwardable", "kerberos.KDCOptions.forwardable",
9354 FT_BOOLEAN, 8, NULL, 0x40,
9355 NULL, HFILL }},
9356 { &hf_kerberos_KDCOptions_forwarded,
9357 { "forwarded", "kerberos.KDCOptions.forwarded",
9358 FT_BOOLEAN, 8, NULL, 0x20,
9359 NULL, HFILL }},
9360 { &hf_kerberos_KDCOptions_proxiable,
9361 { "proxiable", "kerberos.KDCOptions.proxiable",
9362 FT_BOOLEAN, 8, NULL, 0x10,
9363 NULL, HFILL }},
9364 { &hf_kerberos_KDCOptions_proxy,
9365 { "proxy", "kerberos.KDCOptions.proxy",
9366 FT_BOOLEAN, 8, NULL, 0x08,
9367 NULL, HFILL }},
9368 { &hf_kerberos_KDCOptions_allow_postdate,
9369 { "allow-postdate", "kerberos.KDCOptions.allow.postdate",
9370 FT_BOOLEAN, 8, NULL, 0x04,
9371 NULL, HFILL }},
9372 { &hf_kerberos_KDCOptions_postdated,
9373 { "postdated", "kerberos.KDCOptions.postdated",
9374 FT_BOOLEAN, 8, NULL, 0x02,
9375 NULL, HFILL }},
9376 { &hf_kerberos_KDCOptions_unused7,
9377 { "unused7", "kerberos.KDCOptions.unused7",
9378 FT_BOOLEAN, 8, NULL, 0x01,
9379 NULL, HFILL }},
9380 { &hf_kerberos_KDCOptions_renewable,
9381 { "renewable", "kerberos.KDCOptions.renewable",
9382 FT_BOOLEAN, 8, NULL, 0x80,
9383 NULL, HFILL }},
9384 { &hf_kerberos_KDCOptions_unused9,
9385 { "unused9", "kerberos.KDCOptions.unused9",
9386 FT_BOOLEAN, 8, NULL, 0x40,
9387 NULL, HFILL }},
9388 { &hf_kerberos_KDCOptions_unused10,
9389 { "unused10", "kerberos.KDCOptions.unused10",
9390 FT_BOOLEAN, 8, NULL, 0x20,
9391 NULL, HFILL }},
9392 { &hf_kerberos_KDCOptions_opt_hardware_auth,
9393 { "opt-hardware-auth", "kerberos.KDCOptions.opt.hardware.auth",
9394 FT_BOOLEAN, 8, NULL, 0x10,
9395 NULL, HFILL }},
9396 { &hf_kerberos_KDCOptions_unused12,
9397 { "unused12", "kerberos.KDCOptions.unused12",
9398 FT_BOOLEAN, 8, NULL, 0x08,
9399 NULL, HFILL }},
9400 { &hf_kerberos_KDCOptions_unused13,
9401 { "unused13", "kerberos.KDCOptions.unused13",
9402 FT_BOOLEAN, 8, NULL, 0x04,
9403 NULL, HFILL }},
9404 { &hf_kerberos_KDCOptions_constrained_delegation,
9405 { "constrained-delegation", "kerberos.KDCOptions.constrained.delegation",
9406 FT_BOOLEAN, 8, NULL, 0x02,
9407 NULL, HFILL }},
9408 { &hf_kerberos_KDCOptions_canonicalize,
9409 { "canonicalize", "kerberos.KDCOptions.canonicalize",
9410 FT_BOOLEAN, 8, NULL, 0x01,
9411 NULL, HFILL }},
9412 { &hf_kerberos_KDCOptions_request_anonymous,
9413 { "request-anonymous", "kerberos.KDCOptions.request.anonymous",
9414 FT_BOOLEAN, 8, NULL, 0x80,
9415 NULL, HFILL }},
9416 { &hf_kerberos_KDCOptions_unused17,
9417 { "unused17", "kerberos.KDCOptions.unused17",
9418 FT_BOOLEAN, 8, NULL, 0x40,
9419 NULL, HFILL }},
9420 { &hf_kerberos_KDCOptions_unused18,
9421 { "unused18", "kerberos.KDCOptions.unused18",
9422 FT_BOOLEAN, 8, NULL, 0x20,
9423 NULL, HFILL }},
9424 { &hf_kerberos_KDCOptions_unused19,
9425 { "unused19", "kerberos.KDCOptions.unused19",
9426 FT_BOOLEAN, 8, NULL, 0x10,
9427 NULL, HFILL }},
9428 { &hf_kerberos_KDCOptions_unused20,
9429 { "unused20", "kerberos.KDCOptions.unused20",
9430 FT_BOOLEAN, 8, NULL, 0x08,
9431 NULL, HFILL }},
9432 { &hf_kerberos_KDCOptions_unused21,
9433 { "unused21", "kerberos.KDCOptions.unused21",
9434 FT_BOOLEAN, 8, NULL, 0x04,
9435 NULL, HFILL }},
9436 { &hf_kerberos_KDCOptions_unused22,
9437 { "unused22", "kerberos.KDCOptions.unused22",
9438 FT_BOOLEAN, 8, NULL, 0x02,
9439 NULL, HFILL }},
9440 { &hf_kerberos_KDCOptions_unused23,
9441 { "unused23", "kerberos.KDCOptions.unused23",
9442 FT_BOOLEAN, 8, NULL, 0x01,
9443 NULL, HFILL }},
9444 { &hf_kerberos_KDCOptions_unused24,
9445 { "unused24", "kerberos.KDCOptions.unused24",
9446 FT_BOOLEAN, 8, NULL, 0x80,
9447 NULL, HFILL }},
9448 { &hf_kerberos_KDCOptions_unused25,
9449 { "unused25", "kerberos.KDCOptions.unused25",
9450 FT_BOOLEAN, 8, NULL, 0x40,
9451 NULL, HFILL }},
9452 { &hf_kerberos_KDCOptions_disable_transited_check,
9453 { "disable-transited-check", "kerberos.KDCOptions.disable.transited.check",
9454 FT_BOOLEAN, 8, NULL, 0x20,
9455 NULL, HFILL }},
9456 { &hf_kerberos_KDCOptions_renewable_ok,
9457 { "renewable-ok", "kerberos.KDCOptions.renewable.ok",
9458 FT_BOOLEAN, 8, NULL, 0x10,
9459 NULL, HFILL }},
9460 { &hf_kerberos_KDCOptions_enc_tkt_in_skey,
9461 { "enc-tkt-in-skey", "kerberos.KDCOptions.enc.tkt.in.skey",
9462 FT_BOOLEAN, 8, NULL, 0x08,
9463 NULL, HFILL }},
9464 { &hf_kerberos_KDCOptions_unused29,
9465 { "unused29", "kerberos.KDCOptions.unused29",
9466 FT_BOOLEAN, 8, NULL, 0x04,
9467 NULL, HFILL }},
9468 { &hf_kerberos_KDCOptions_renew,
9469 { "renew", "kerberos.KDCOptions.renew",
9470 FT_BOOLEAN, 8, NULL, 0x02,
9471 NULL, HFILL }},
9472 { &hf_kerberos_KDCOptions_validate,
9473 { "validate", "kerberos.KDCOptions.validate",
9474 FT_BOOLEAN, 8, NULL, 0x01,
9475 NULL, HFILL }},
9476 { &hf_kerberos_PAC_OPTIONS_FLAGS_claims,
9477 { "claims", "kerberos.PAC.OPTIONS.FLAGS.claims",
9478 FT_BOOLEAN, 8, NULL, 0x80,
9479 NULL, HFILL }},
9480 { &hf_kerberos_PAC_OPTIONS_FLAGS_branch_aware,
9481 { "branch-aware", "kerberos.PAC.OPTIONS.FLAGS.branch.aware",
9482 FT_BOOLEAN, 8, NULL, 0x40,
9483 NULL, HFILL }},
9484 { &hf_kerberos_PAC_OPTIONS_FLAGS_forward_to_full_dc,
9485 { "forward-to-full-dc", "kerberos.PAC.OPTIONS.FLAGS.forward.to.full.dc",
9486 FT_BOOLEAN, 8, NULL, 0x20,
9487 NULL, HFILL }},
9488 { &hf_kerberos_PAC_OPTIONS_FLAGS_resource_based_constrained_delegation,
9489 { "resource-based-constrained-delegation", "kerberos.PAC.OPTIONS.FLAGS.resource.based.constrained.delegation",
9490 FT_BOOLEAN, 8, NULL, 0x10,
9491 NULL, HFILL }},
9492
9493 /*--- End of included file: packet-kerberos-hfarr.c ---*/
9494 #line 5047 "./asn1/kerberos/packet-kerberos-template.c"
9495 };
9496
9497 /* List of subtrees */
9498 static gint *ett[] = {
9499 &ett_kerberos,
9500 &ett_krb_recordmark,
9501 &ett_krb_pac,
9502 &ett_krb_pac_drep,
9503 &ett_krb_pac_midl_blob,
9504 &ett_krb_pac_logon_info,
9505 &ett_krb_pac_credential_info,
9506 &ett_krb_pac_s4u_delegation_info,
9507 &ett_krb_pac_upn_dns_info,
9508 &ett_krb_pac_device_info,
9509 &ett_krb_pac_server_checksum,
9510 &ett_krb_pac_privsvr_checksum,
9511 &ett_krb_pac_client_info_type,
9512 &ett_krb_pac_ticket_checksum,
9513 &ett_krb_pa_supported_enctypes,
9514 &ett_krb_ad_ap_options,
9515 &ett_kerberos_KERB_TICKET_LOGON,
9516 #ifdef HAVE_KERBEROS
9517 &ett_krb_pa_enc_ts_enc,
9518 &ett_kerberos_KrbFastFinished,
9519 &ett_kerberos_KrbFastResponse,
9520 &ett_kerberos_KrbFastReq,
9521 &ett_kerberos_FastOptions,
9522 #endif
9523
9524 /*--- Included file: packet-kerberos-ettarr.c ---*/
9525 #line 1 "./asn1/kerberos/packet-kerberos-ettarr.c"
9526 &ett_kerberos_Applications,
9527 &ett_kerberos_PrincipalName,
9528 &ett_kerberos_SEQUENCE_OF_KerberosString,
9529 &ett_kerberos_CName,
9530 &ett_kerberos_SEQUENCE_OF_CNameString,
9531 &ett_kerberos_SName,
9532 &ett_kerberos_SEQUENCE_OF_SNameString,
9533 &ett_kerberos_HostAddress,
9534 &ett_kerberos_HostAddresses,
9535 &ett_kerberos_AuthorizationData,
9536 &ett_kerberos_AuthorizationData_item,
9537 &ett_kerberos_PA_DATA,
9538 &ett_kerberos_EncryptionKey,
9539 &ett_kerberos_Checksum,
9540 &ett_kerberos_EncryptedTicketData,
9541 &ett_kerberos_EncryptedAuthorizationData,
9542 &ett_kerberos_EncryptedAuthenticator,
9543 &ett_kerberos_EncryptedKDCREPData,
9544 &ett_kerberos_EncryptedAPREPData,
9545 &ett_kerberos_EncryptedKrbPrivData,
9546 &ett_kerberos_EncryptedKrbCredData,
9547 &ett_kerberos_Ticket_U,
9548 &ett_kerberos_EncTicketPart_U,
9549 &ett_kerberos_TransitedEncoding,
9550 &ett_kerberos_KDC_REQ,
9551 &ett_kerberos_SEQUENCE_OF_PA_DATA,
9552 &ett_kerberos_KDC_REQ_BODY,
9553 &ett_kerberos_SEQUENCE_OF_ENCTYPE,
9554 &ett_kerberos_SEQUENCE_OF_Ticket,
9555 &ett_kerberos_KDC_REP,
9556 &ett_kerberos_EncKDCRepPart,
9557 &ett_kerberos_LastReq,
9558 &ett_kerberos_LastReq_item,
9559 &ett_kerberos_AP_REQ_U,
9560 &ett_kerberos_Authenticator_U,
9561 &ett_kerberos_AP_REP_U,
9562 &ett_kerberos_EncAPRepPart_U,
9563 &ett_kerberos_KRB_SAFE_U,
9564 &ett_kerberos_KRB_SAFE_BODY,
9565 &ett_kerberos_KRB_PRIV_U,
9566 &ett_kerberos_EncKrbPrivPart,
9567 &ett_kerberos_KRB_CRED_U,
9568 &ett_kerberos_EncKrbCredPart_U,
9569 &ett_kerberos_SEQUENCE_OF_KrbCredInfo,
9570 &ett_kerberos_KrbCredInfo,
9571 &ett_kerberos_KRB_ERROR_U,
9572 &ett_kerberos_METHOD_DATA,
9573 &ett_kerberos_PA_ENC_TIMESTAMP,
9574 &ett_kerberos_ETYPE_INFO_ENTRY,
9575 &ett_kerberos_ETYPE_INFO,
9576 &ett_kerberos_ETYPE_INFO2_ENTRY,
9577 &ett_kerberos_ETYPE_INFO2,
9578 &ett_kerberos_TGT_REQ,
9579 &ett_kerberos_TGT_REP,
9580 &ett_kerberos_APOptions,
9581 &ett_kerberos_TicketFlags,
9582 &ett_kerberos_KDCOptions,
9583 &ett_kerberos_PA_PAC_REQUEST,
9584 &ett_kerberos_PA_S4U2Self,
9585 &ett_kerberos_PA_S4U_X509_USER,
9586 &ett_kerberos_S4UUserID,
9587 &ett_kerberos_PAC_OPTIONS_FLAGS,
9588 &ett_kerberos_PA_PAC_OPTIONS,
9589 &ett_kerberos_KERB_AD_RESTRICTION_ENTRY_U,
9590 &ett_kerberos_PA_KERB_KEY_LIST_REQ,
9591 &ett_kerberos_PA_KERB_KEY_LIST_REP,
9592 &ett_kerberos_ChangePasswdData,
9593 &ett_kerberos_PA_AUTHENTICATION_SET_ELEM,
9594 &ett_kerberos_KrbFastArmor,
9595 &ett_kerberos_PA_FX_FAST_REQUEST,
9596 &ett_kerberos_EncryptedKrbFastReq,
9597 &ett_kerberos_KrbFastArmoredReq,
9598 &ett_kerberos_PA_FX_FAST_REPLY,
9599 &ett_kerberos_EncryptedKrbFastResponse,
9600 &ett_kerberos_KrbFastArmoredRep,
9601 &ett_kerberos_EncryptedChallenge,
9602 &ett_kerberos_EncryptedSpakeData,
9603 &ett_kerberos_EncryptedSpakeResponseData,
9604 &ett_kerberos_SPAKESupport,
9605 &ett_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKEGroup,
9606 &ett_kerberos_SPAKEChallenge,
9607 &ett_kerberos_SEQUENCE_SIZE_1_MAX_OF_SPAKESecondFactor,
9608 &ett_kerberos_SPAKESecondFactor,
9609 &ett_kerberos_SPAKEResponse,
9610 &ett_kerberos_PA_SPAKE,
9611
9612 /*--- End of included file: packet-kerberos-ettarr.c ---*/
9613 #line 5076 "./asn1/kerberos/packet-kerberos-template.c"
9614 };
9615
9616 static ei_register_info ei[] = {
9617 { &ei_kerberos_missing_keytype, { "kerberos.missing_keytype", PI_DECRYPTION, PI_WARN, "Missing keytype", EXPFILL }},
9618 { &ei_kerberos_decrypted_keytype, { "kerberos.decrypted_keytype", PI_SECURITY, PI_CHAT, "Decrypted keytype", EXPFILL }},
9619 { &ei_kerberos_learnt_keytype, { "kerberos.learnt_keytype", PI_SECURITY, PI_CHAT, "Learnt keytype", EXPFILL }},
9620 { &ei_kerberos_address, { "kerberos.address.unknown", PI_UNDECODED, PI_WARN, "KRB Address: I don't know how to parse this type of address yet", EXPFILL }},
9621 { &ei_krb_gssapi_dlglen, { "kerberos.gssapi.dlglen.error", PI_MALFORMED, PI_ERROR, "DlgLen is not the same as number of bytes remaining", EXPFILL }},
9622 };
9623
9624 expert_module_t* expert_krb;
9625 module_t *krb_module;
9626
9627 proto_kerberos = proto_register_protocol("Kerberos", "KRB5", "kerberos");
9628 proto_register_field_array(proto_kerberos, hf, array_length(hf));
9629 proto_register_subtree_array(ett, array_length(ett));
9630 expert_krb = expert_register_protocol(proto_kerberos);
9631 expert_register_field_array(expert_krb, ei, array_length(ei));
9632
9633 /* Register preferences */
9634 krb_module = prefs_register_protocol(proto_kerberos, kerberos_prefs_apply_cb);
9635 prefs_register_bool_preference(krb_module, "desegment",
9636 "Reassemble Kerberos over TCP messages spanning multiple TCP segments",
9637 "Whether the Kerberos dissector should reassemble messages spanning multiple TCP segments."
9638 " To use this option, you must also enable \"Allow subdissectors to reassemble TCP streams\" in the TCP protocol settings.",
9639 &krb_desegment);
9640 #ifdef HAVE_KERBEROS
9641 prefs_register_bool_preference(krb_module, "decrypt",
9642 "Try to decrypt Kerberos blobs",
9643 "Whether the dissector should try to decrypt "
9644 "encrypted Kerberos blobs. This requires that the proper "
9645 "keytab file is installed as well.", &krb_decrypt);
9646
9647 prefs_register_filename_preference(krb_module, "file",
9648 "Kerberos keytab file",
9649 "The keytab file containing all the secrets",
9650 &keytab_filename, FALSE);
9651
9652 #if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
9653 wmem_register_callback(wmem_epan_scope(), enc_key_list_cb, NULL);
9654 kerberos_longterm_keys = wmem_map_new(wmem_epan_scope(),
9655 enc_key_content_hash,
9656 enc_key_content_equal);
9657 kerberos_all_keys = wmem_map_new_autoreset(wmem_epan_scope(),
9658 wmem_file_scope(),
9659 enc_key_content_hash,
9660 enc_key_content_equal);
9661 kerberos_app_session_keys = wmem_map_new_autoreset(wmem_epan_scope(),
9662 wmem_file_scope(),
9663 enc_key_content_hash,
9664 enc_key_content_equal);
9665 #endif /* defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS) */
9666 #endif /* HAVE_KERBEROS */
9667
9668 }
9669 static int wrap_dissect_gss_kerb(tvbuff_t *tvb, int offset, packet_info *pinfo,
9670 proto_tree *tree, dcerpc_info *di _U_,guint8 *drep _U_)
9671 {
9672 tvbuff_t *auth_tvb;
9673
9674 auth_tvb = tvb_new_subset_remaining(tvb, offset);
9675
9676 dissect_kerberos_main(auth_tvb, pinfo, tree, FALSE, NULL);
9677
9678 return tvb_captured_length_remaining(tvb, offset);
9679 }
9680
9681
9682 static dcerpc_auth_subdissector_fns gss_kerb_auth_connect_fns = {
9683 wrap_dissect_gss_kerb, /* Bind */
9684 wrap_dissect_gss_kerb, /* Bind ACK */
9685 wrap_dissect_gss_kerb, /* AUTH3 */
9686 NULL, /* Request verifier */
9687 NULL, /* Response verifier */
9688 NULL, /* Request data */
9689 NULL /* Response data */
9690 };
9691
9692 static dcerpc_auth_subdissector_fns gss_kerb_auth_sign_fns = {
9693 wrap_dissect_gss_kerb, /* Bind */
9694 wrap_dissect_gss_kerb, /* Bind ACK */
9695 wrap_dissect_gss_kerb, /* AUTH3 */
9696 wrap_dissect_gssapi_verf, /* Request verifier */
9697 wrap_dissect_gssapi_verf, /* Response verifier */
9698 NULL, /* Request data */
9699 NULL /* Response data */
9700 };
9701
9702 static dcerpc_auth_subdissector_fns gss_kerb_auth_seal_fns = {
9703 wrap_dissect_gss_kerb, /* Bind */
9704 wrap_dissect_gss_kerb, /* Bind ACK */
9705 wrap_dissect_gss_kerb, /* AUTH3 */
9706 wrap_dissect_gssapi_verf, /* Request verifier */
9707 wrap_dissect_gssapi_verf, /* Response verifier */
9708 wrap_dissect_gssapi_payload, /* Request data */
9709 wrap_dissect_gssapi_payload /* Response data */
9710 };
9711
9712
9713
9714 void
9715 proto_reg_handoff_kerberos(void)
9716 {
9717 dissector_handle_t kerberos_handle_tcp;
9718
9719 krb4_handle = find_dissector_add_dependency("krb4", proto_kerberos);
9720
9721 kerberos_handle_udp = create_dissector_handle(dissect_kerberos_udp,
9722 proto_kerberos);
9723
9724 kerberos_handle_tcp = create_dissector_handle(dissect_kerberos_tcp,
9725 proto_kerberos);
9726
9727 dissector_add_uint_with_preference("udp.port", UDP_PORT_KERBEROS, kerberos_handle_udp);
9728 dissector_add_uint_with_preference("tcp.port", TCP_PORT_KERBEROS, kerberos_handle_tcp);
9729
9730 register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_CONNECT,
9731 DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS,
9732 &gss_kerb_auth_connect_fns);
9733
9734 register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_PKT_INTEGRITY,
9735 DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS,
9736 &gss_kerb_auth_sign_fns);
9737
9738 register_dcerpc_auth_subdissector(DCE_C_AUTHN_LEVEL_PKT_PRIVACY,
9739 DCE_C_RPC_AUTHN_PROTOCOL_GSS_KERBEROS,
9740 &gss_kerb_auth_seal_fns);
9741 }
9742
9743 /*
9744 * Editor modelines - https://www.wireshark.org/tools/modelines.html
9745 *
9746 * Local variables:
9747 * c-basic-offset: 8
9748 * tab-width: 8
9749 * indent-tabs-mode: t
9750 * End:
9751 *
9752 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
9753 * :indentSize=8:tabSize=8:noTabs=false:
9754 */
9755