Updated the Kerberos ASN.1 dissector to the point I believe it can replace the "hand made" one. Bug 8649 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8649)
Letting the more experienced ASN.1 developers tweak it a little more before the "generated" dissector is accepted (which is why it's not included here) svn path=/trunk/; revision=49328
parent
c1f144e9aa
commit
7efa0fdb29
|
@ -29,7 +29,7 @@ Applications ::= CHOICE {
|
||||||
encASRepPart EncASRepPart, -- 25 --
|
encASRepPart EncASRepPart, -- 25 --
|
||||||
encTGSRepPart EncTGSRepPart, -- 26 --
|
encTGSRepPart EncTGSRepPart, -- 26 --
|
||||||
encAPRepPart EncAPRepPart, -- 27 --
|
encAPRepPart EncAPRepPart, -- 27 --
|
||||||
encKrbPrivPart EncKrbPrivPart, -- 28 --
|
encKrbPrivPart ENC-KRB-PRIV-PART, -- 28 --
|
||||||
encKrbCredPart EncKrbCredPart, -- 29 --
|
encKrbCredPart EncKrbCredPart, -- 29 --
|
||||||
krb-error KRB-ERROR -- 30 --
|
krb-error KRB-ERROR -- 30 --
|
||||||
}
|
}
|
||||||
|
@ -108,11 +108,47 @@ Checksum ::= SEQUENCE {
|
||||||
checksum [1] OCTET STRING
|
checksum [1] OCTET STRING
|
||||||
}
|
}
|
||||||
|
|
||||||
|
EncryptedTicketData ::= SEQUENCE {
|
||||||
|
etype [0] ENCTYPE, -- EncryptionType - - Use k5.asn
|
||||||
|
kvno [1] UInt32 OPTIONAL,
|
||||||
|
cipher [2] OCTET STRING -- ciphertext
|
||||||
|
}
|
||||||
|
|
||||||
|
EncryptedAuthorizationData ::= SEQUENCE {
|
||||||
|
etype [0] ENCTYPE, -- EncryptionType - - Use k5.asn
|
||||||
|
kvno [1] UInt32 OPTIONAL,
|
||||||
|
cipher [2] OCTET STRING -- ciphertext
|
||||||
|
}
|
||||||
|
|
||||||
|
EncryptedKDCREPData ::= SEQUENCE {
|
||||||
|
etype [0] ENCTYPE, -- EncryptionType - - Use k5.asn
|
||||||
|
kvno [1] UInt32 OPTIONAL,
|
||||||
|
cipher [2] OCTET STRING -- ciphertext
|
||||||
|
}
|
||||||
|
|
||||||
|
EncryptedAPREPData ::= SEQUENCE {
|
||||||
|
etype [0] ENCTYPE, -- EncryptionType - - Use k5.asn
|
||||||
|
kvno [1] UInt32 OPTIONAL,
|
||||||
|
cipher [2] OCTET STRING -- ciphertext
|
||||||
|
}
|
||||||
|
|
||||||
|
EncryptedKrbPrivData ::= SEQUENCE {
|
||||||
|
etype [0] ENCTYPE, -- EncryptionType - - Use k5.asn
|
||||||
|
kvno [1] UInt32 OPTIONAL,
|
||||||
|
cipher [2] OCTET STRING -- ciphertext
|
||||||
|
}
|
||||||
|
|
||||||
|
EncryptedKrbCredData ::= SEQUENCE {
|
||||||
|
etype [0] ENCTYPE, -- EncryptionType - - Use k5.asn
|
||||||
|
kvno [1] UInt32 OPTIONAL,
|
||||||
|
cipher [2] OCTET STRING -- ciphertext
|
||||||
|
}
|
||||||
|
|
||||||
Ticket ::= [APPLICATION 1] SEQUENCE {
|
Ticket ::= [APPLICATION 1] SEQUENCE {
|
||||||
tkt-vno [0] INTEGER (5),
|
tkt-vno [0] INTEGER (5),
|
||||||
realm [1] Realm,
|
realm [1] Realm,
|
||||||
sname [2] PrincipalName,
|
sname [2] PrincipalName,
|
||||||
enc-part [3] EncryptedData -- EncTicketPart
|
enc-part [3] EncryptedTicketData
|
||||||
}
|
}
|
||||||
|
|
||||||
-- Encrypted part of ticket
|
-- Encrypted part of ticket
|
||||||
|
@ -177,14 +213,18 @@ KDC-REQ-BODY ::= SEQUENCE {
|
||||||
-- Also client's in AS-REQ --,
|
-- Also client's in AS-REQ --,
|
||||||
sname [3] PrincipalName OPTIONAL,
|
sname [3] PrincipalName OPTIONAL,
|
||||||
from [4] KerberosTime OPTIONAL,
|
from [4] KerberosTime OPTIONAL,
|
||||||
till [5] KerberosTime,
|
|
||||||
|
-- this field is not optional in the kerberos spec, however, in the packetcable spec it is optional
|
||||||
|
-- make it optional here since normal kerberos will still decode the pdu correctly.
|
||||||
|
till [5] KerberosTime OPTIONAL,
|
||||||
|
|
||||||
rtime [6] KerberosTime OPTIONAL,
|
rtime [6] KerberosTime OPTIONAL,
|
||||||
nonce [7] UInt32,
|
nonce [7] UInt32,
|
||||||
-- etype [8] SEQUENCE OF Int32 - - EncryptionType Use k5.asn
|
-- etype [8] SEQUENCE OF Int32 - - EncryptionType Use k5.asn
|
||||||
etype [8] SEQUENCE OF ENCTYPE -- EncryptionType
|
etype [8] SEQUENCE OF ENCTYPE -- EncryptionType
|
||||||
-- in preference order --,
|
-- in preference order --,
|
||||||
addresses [9] HostAddresses OPTIONAL,
|
addresses [9] HostAddresses OPTIONAL,
|
||||||
enc-authorization-data [10] EncryptedData OPTIONAL
|
enc-authorization-data [10] EncryptedAuthorizationData OPTIONAL
|
||||||
-- AuthorizationData --,
|
-- AuthorizationData --,
|
||||||
additional-tickets [11] SEQUENCE OF Ticket OPTIONAL
|
additional-tickets [11] SEQUENCE OF Ticket OPTIONAL
|
||||||
-- NOTE: not empty
|
-- NOTE: not empty
|
||||||
|
@ -231,7 +271,7 @@ KDC-REP ::= SEQUENCE {
|
||||||
crealm [3] Realm,
|
crealm [3] Realm,
|
||||||
cname [4] PrincipalName,
|
cname [4] PrincipalName,
|
||||||
ticket [5] Ticket,
|
ticket [5] Ticket,
|
||||||
enc-part [6] EncryptedData
|
enc-part [6] EncryptedKDCREPData
|
||||||
-- EncASRepPart or EncTGSRepPart,
|
-- EncASRepPart or EncTGSRepPart,
|
||||||
-- as appropriate
|
-- as appropriate
|
||||||
}
|
}
|
||||||
|
@ -268,7 +308,7 @@ AP-REQ ::= [APPLICATION 14] SEQUENCE {
|
||||||
msg-type [1] MESSAGE-TYPE,
|
msg-type [1] MESSAGE-TYPE,
|
||||||
ap-options [2] APOptions,
|
ap-options [2] APOptions,
|
||||||
ticket [3] Ticket,
|
ticket [3] Ticket,
|
||||||
authenticator [4] EncryptedData -- Authenticator
|
authenticator [4] EncryptedAuthorizationData -- Authenticator
|
||||||
}
|
}
|
||||||
-- Use the krb5.asn def.
|
-- Use the krb5.asn def.
|
||||||
--APOptions ::= KerberosFlags
|
--APOptions ::= KerberosFlags
|
||||||
|
@ -293,7 +333,7 @@ AP-REP ::= [APPLICATION 15] SEQUENCE {
|
||||||
pvno [0] INTEGER (5),
|
pvno [0] INTEGER (5),
|
||||||
-- msg-type [1] INTEGER (15), Use k5.asn
|
-- msg-type [1] INTEGER (15), Use k5.asn
|
||||||
msg-type [1] MESSAGE-TYPE,
|
msg-type [1] MESSAGE-TYPE,
|
||||||
enc-part [2] EncryptedData -- EncAPRepPart
|
enc-part [2] EncryptedAPREPData -- EncAPRepPart
|
||||||
}
|
}
|
||||||
|
|
||||||
EncAPRepPart ::= [APPLICATION 27] SEQUENCE {
|
EncAPRepPart ::= [APPLICATION 27] SEQUENCE {
|
||||||
|
@ -316,7 +356,7 @@ KRB-SAFE-BODY ::= SEQUENCE {
|
||||||
timestamp [1] KerberosTime OPTIONAL,
|
timestamp [1] KerberosTime OPTIONAL,
|
||||||
usec [2] Microseconds OPTIONAL,
|
usec [2] Microseconds OPTIONAL,
|
||||||
seq-number [3] UInt32 OPTIONAL,
|
seq-number [3] UInt32 OPTIONAL,
|
||||||
s-address [4] HostAddress,
|
s-address [4] HostAddress OPTIONAL, -- XXX this one is OPTIONAL in packetcable? but mandatory in kerberos
|
||||||
r-address [5] HostAddress OPTIONAL
|
r-address [5] HostAddress OPTIONAL
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -325,10 +365,12 @@ KRB-PRIV ::= [APPLICATION 21] SEQUENCE {
|
||||||
-- msg-type [1] INTEGER (21), Use k5.asn
|
-- msg-type [1] INTEGER (21), Use k5.asn
|
||||||
msg-type [1] MESSAGE-TYPE,
|
msg-type [1] MESSAGE-TYPE,
|
||||||
-- NOTE: there is no [2] tag
|
-- NOTE: there is no [2] tag
|
||||||
enc-part [3] EncryptedData -- EncKrbPrivPart
|
enc-part [3] EncryptedKrbPrivData -- EncKrbPrivPart
|
||||||
}
|
}
|
||||||
|
|
||||||
EncKrbPrivPart ::= [APPLICATION 28] SEQUENCE {
|
ENC-KRB-PRIV-PART ::= [APPLICATION 28] EncKrbPrivPart
|
||||||
|
|
||||||
|
EncKrbPrivPart ::= SEQUENCE {
|
||||||
user-data [0] OCTET STRING,
|
user-data [0] OCTET STRING,
|
||||||
timestamp [1] KerberosTime OPTIONAL,
|
timestamp [1] KerberosTime OPTIONAL,
|
||||||
usec [2] Microseconds OPTIONAL,
|
usec [2] Microseconds OPTIONAL,
|
||||||
|
@ -342,7 +384,7 @@ KRB-CRED ::= [APPLICATION 22] SEQUENCE {
|
||||||
-- msg-type [1] INTEGER (22), use k5.asn
|
-- msg-type [1] INTEGER (22), use k5.asn
|
||||||
msg-type [1] MESSAGE-TYPE,
|
msg-type [1] MESSAGE-TYPE,
|
||||||
tickets [2] SEQUENCE OF Ticket,
|
tickets [2] SEQUENCE OF Ticket,
|
||||||
enc-part [3] EncryptedData -- EncKrbCredPart
|
enc-part [3] EncryptedKrbCredData -- EncKrbCredPart
|
||||||
}
|
}
|
||||||
|
|
||||||
EncKrbCredPart ::= [APPLICATION 29] SEQUENCE {
|
EncKrbCredPart ::= [APPLICATION 29] SEQUENCE {
|
||||||
|
@ -383,7 +425,8 @@ KRB-ERROR ::= [APPLICATION 30] SEQUENCE {
|
||||||
realm [9] Realm -- service realm --,
|
realm [9] Realm -- service realm --,
|
||||||
sname [10] PrincipalName -- service name --,
|
sname [10] PrincipalName -- service name --,
|
||||||
e-text [11] KerberosString OPTIONAL,
|
e-text [11] KerberosString OPTIONAL,
|
||||||
e-data [12] OCTET STRING OPTIONAL
|
e-data [12] OCTET STRING OPTIONAL,
|
||||||
|
e-checksum [13] Checksum OPTIONAL -- used by PacketCable
|
||||||
}
|
}
|
||||||
|
|
||||||
METHOD-DATA ::= SEQUENCE OF PA-DATA
|
METHOD-DATA ::= SEQUENCE OF PA-DATA
|
||||||
|
@ -395,7 +438,11 @@ TYPED-DATA ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
|
||||||
|
|
||||||
-- preauth stuff follows
|
-- preauth stuff follows
|
||||||
|
|
||||||
PA-ENC-TIMESTAMP ::= EncryptedData -- PA-ENC-TS-ENC
|
PA-ENC-TIMESTAMP ::= SEQUENCE {
|
||||||
|
etype [0] ENCTYPE -- EncryptionType --,
|
||||||
|
kvno [1] UInt32 OPTIONAL,
|
||||||
|
cipher [2] OCTET STRING -- ciphertext
|
||||||
|
}
|
||||||
|
|
||||||
PA-ENC-TS-ENC ::= SEQUENCE {
|
PA-ENC-TS-ENC ::= SEQUENCE {
|
||||||
patimestamp [0] KerberosTime -- client's time --,
|
patimestamp [0] KerberosTime -- client's time --,
|
||||||
|
|
|
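Review bot: `AP-REQ.authenticator` is typed as `EncryptedAuthorizationData`, the same type used for `KDC-REQ-BODY.enc-authorization-data`, although the trailing comments say the two fields carry different plaintexts (`Authenticator` and `AuthorizationData`). The conformance file in this commit attaches one cipher callback per type (`dissect_krb5_decrypt_authenticator_data` for `EncryptedAuthorizationData/cipher`), so both fields will go through the same decryption routine. Either give the authenticator its own type with the same `etype`/`kvno`/`cipher` layout, or add a comment such as `-- shared with AP-REQ authenticator on purpose` next to the type definition. Separately, `till` and `s-address` are now OPTIONAL for all traffic, so a standard Kerberos message that omits them will presumably no longer be flagged as malformed; the `XXX` on `s-address` suggests this is still unresolved.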
@ -324,7 +324,7 @@ KDCOptions ::= BIT STRING {
|
||||||
renewable(8),
|
renewable(8),
|
||||||
unused9(9),
|
unused9(9),
|
||||||
unused10(10),
|
unused10(10),
|
||||||
unused11(11),
|
opt-hardware-auth(11), -- taken from KerberosV5Spec2.asn
|
||||||
request-anonymous(14),
|
request-anonymous(14),
|
||||||
canonicalize(15),
|
canonicalize(15),
|
||||||
constrained-delegation(16), -- ms extension
|
constrained-delegation(16), -- ms extension
|
||||||
|
|
|
@ -11,12 +11,27 @@ Realm
|
||||||
#.FIELD_RENAME
|
#.FIELD_RENAME
|
||||||
EncryptedData/etype encryptedData_etype
|
EncryptedData/etype encryptedData_etype
|
||||||
KDC-REQ-BODY/etype kDC-REQ-BODY_etype
|
KDC-REQ-BODY/etype kDC-REQ-BODY_etype
|
||||||
|
KRB-SAFE-BODY/user-data kRB-SAFE-BODY_user_data
|
||||||
|
EncKrbPrivPart/user-data encKrbPrivPart_user_data
|
||||||
|
EncryptedTicketData/cipher encryptedTicketData_cipher
|
||||||
|
EncryptedAuthorizationData/cipher encryptedAuthorizationData_cipher
|
||||||
|
EncryptedKDCREPData/cipher encryptedKDCREPData_cipher
|
||||||
|
PA-ENC-TIMESTAMP/cipher pA-ENC-TIMESTAMP_cipher
|
||||||
|
EncryptedAPREPData/cipher encryptedAPREPData_cipher
|
||||||
|
EncryptedKrbPrivData/cipher encryptedKrbPrivData_cipher
|
||||||
|
EncryptedKrbCredData/cipher encryptedKrbCredData_cipher
|
||||||
|
KRB-CRED/_untag/enc-part kRB_CRED_enc_part
|
||||||
|
KRB-PRIV/_untag/enc-part kRB_PRIV_enc_part
|
||||||
|
AP-REP/_untag/enc-part aP_REP_enc_part
|
||||||
|
KDC-REP/enc-part kDC_REP_enc_part
|
||||||
|
Ticket/_untag/enc-part ticket_enc_part
|
||||||
|
|
||||||
|
|
||||||
#.FN_BODY MESSAGE-TYPE VAL_PTR = &msgtype
|
#.FN_BODY MESSAGE-TYPE VAL_PTR = &msgtype
|
||||||
guint32 msgtype;
|
guint32 msgtype;
|
||||||
|
|
||||||
%(DEFAULT_BODY)s
|
%(DEFAULT_BODY)s
|
||||||
if (do_col_info & check_col(actx->pinfo->cinfo, COL_INFO)) {
|
if (do_col_info) {
|
||||||
col_add_str(actx->pinfo->cinfo, COL_INFO,
|
col_add_str(actx->pinfo->cinfo, COL_INFO,
|
||||||
val_to_str(msgtype, krb5_msg_types,
|
val_to_str(msgtype, krb5_msg_types,
|
||||||
"Unknown msg type %%#x"));
|
"Unknown msg type %%#x"));
|
||||||
|
@ -29,7 +44,7 @@ guint32 msgtype;
|
||||||
|
|
||||||
#.FN_BODY ERROR-CODE VAL_PTR = &krb5_errorcode
|
#.FN_BODY ERROR-CODE VAL_PTR = &krb5_errorcode
|
||||||
%(DEFAULT_BODY)s
|
%(DEFAULT_BODY)s
|
||||||
if(krb5_errorcode && check_col(actx->pinfo->cinfo, COL_INFO)) {
|
if(krb5_errorcode) {
|
||||||
col_add_fstr(actx->pinfo->cinfo, COL_INFO,
|
col_add_fstr(actx->pinfo->cinfo, COL_INFO,
|
||||||
"KRB Error: %%s",
|
"KRB Error: %%s",
|
||||||
val_to_str(krb5_errorcode, krb5_error_codes,
|
val_to_str(krb5_errorcode, krb5_error_codes,
|
||||||
|
@ -63,24 +78,32 @@ guint32 msgtype;
|
||||||
#.FN_BODY Int32 VAL_PTR = actx->value_ptr
|
#.FN_BODY Int32 VAL_PTR = actx->value_ptr
|
||||||
%(DEFAULT_BODY)s
|
%(DEFAULT_BODY)s
|
||||||
|
|
||||||
#.FN_BODY PADATA-TYPE VAL_PTR = &krb_PA_DATA_type
|
#.FN_BODY PADATA-TYPE
|
||||||
|
|
||||||
%(DEFAULT_BODY)s
|
actx->value_ptr = ep_alloc(sizeof(guint32));
|
||||||
|
|
||||||
|
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
|
||||||
|
actx->value_ptr);
|
||||||
|
|
||||||
if(tree){
|
if(tree){
|
||||||
proto_item_append_text(tree, " %%s",
|
proto_item_append_text(tree, " %%s",
|
||||||
val_to_str(krb_PA_DATA_type, krb5_preauthentication_types,
|
val_to_str(*((guint32*)actx->value_ptr), krb5_preauthentication_types,
|
||||||
"Unknown:%%d"));
|
"Unknown:%%d"));
|
||||||
}
|
}
|
||||||
|
|
||||||
#.FN_BODY PA-DATA/padata-value
|
#.FN_BODY PA-DATA/padata-value
|
||||||
proto_tree *sub_tree=tree;
|
proto_tree *sub_tree=tree;
|
||||||
|
guint32 PA_DATA_type = 0;
|
||||||
|
|
||||||
|
if (actx->value_ptr) {
|
||||||
|
PA_DATA_type = *((guint32*)actx->value_ptr);
|
||||||
|
}
|
||||||
|
|
||||||
if(actx->created_item){
|
if(actx->created_item){
|
||||||
sub_tree=proto_item_add_subtree(actx->created_item, ett_kerberos_PA_DATA);
|
sub_tree=proto_item_add_subtree(actx->created_item, ett_kerberos_PA_DATA);
|
||||||
}
|
}
|
||||||
|
|
||||||
switch(krb_PA_DATA_type){
|
switch(PA_DATA_type){
|
||||||
case KRB5_PA_TGS_REQ:
|
case KRB5_PA_TGS_REQ:
|
||||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Applications);
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Applications);
|
||||||
break;
|
break;
|
||||||
|
@ -114,10 +137,6 @@ proto_tree *sub_tree=tree;
|
||||||
default:
|
default:
|
||||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, NULL);
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, NULL);
|
||||||
}
|
}
|
||||||
/*qqq*/
|
|
||||||
|
|
||||||
#.FN_BODY ADDR-TYPE VAL_PTR = &addr_type
|
|
||||||
%(DEFAULT_BODY)s
|
|
||||||
|
|
||||||
#.FN_BODY HostAddress/address
|
#.FN_BODY HostAddress/address
|
||||||
gint8 class;
|
gint8 class;
|
||||||
|
@ -126,18 +145,22 @@ proto_tree *sub_tree=tree;
|
||||||
guint32 len;
|
guint32 len;
|
||||||
char *address_str;
|
char *address_str;
|
||||||
proto_item *it=NULL;
|
proto_item *it=NULL;
|
||||||
|
guint32 addr_type = 0;
|
||||||
|
|
||||||
/* read header and len for the octet string */
|
/* read header and len for the octet string */
|
||||||
offset=dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &class, &pc, &tag);
|
offset=dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &class, &pc, &tag);
|
||||||
offset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL);
|
offset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL);
|
||||||
|
|
||||||
address_str=ep_alloc(256);
|
if (actx->value_ptr) {
|
||||||
|
addr_type = *((guint32*)actx->value_ptr);
|
||||||
|
}
|
||||||
|
|
||||||
|
address_str=ep_alloc(ADDRESS_STR_BUFSIZ);
|
||||||
address_str[0]=0;
|
address_str[0]=0;
|
||||||
address_str[255]=0;
|
|
||||||
switch(addr_type){
|
switch(addr_type){
|
||||||
case KRB5_ADDR_IPv4:
|
case KRB5_ADDR_IPv4:
|
||||||
it=proto_tree_add_item(tree, hf_krb_address_ip, tvb, offset, 4, ENC_BIG_ENDIAN);
|
it=proto_tree_add_item(tree, hf_krb_address_ip, tvb, offset, 4, ENC_BIG_ENDIAN);
|
||||||
g_snprintf(address_str,256,"%d.%d.%d.%d",tvb_get_guint8(tvb, offset),tvb_get_guint8(tvb, offset+1),tvb_get_guint8(tvb, offset+2),tvb_get_guint8(tvb, offset+3));
|
g_snprintf(address_str,ADDRESS_STR_BUFSIZ,"%d.%d.%d.%d",tvb_get_guint8(tvb, offset),tvb_get_guint8(tvb, offset+1),tvb_get_guint8(tvb, offset+2),tvb_get_guint8(tvb, offset+3));
|
||||||
break;
|
break;
|
||||||
case KRB5_ADDR_NETBIOS:
|
case KRB5_ADDR_NETBIOS:
|
||||||
{
|
{
|
||||||
|
@ -146,13 +169,13 @@ proto_tree *sub_tree=tree;
|
||||||
int netbios_name_len = (NETBIOS_NAME_LEN - 1)*4 + 1;
|
int netbios_name_len = (NETBIOS_NAME_LEN - 1)*4 + 1;
|
||||||
|
|
||||||
netbios_name_type = process_netbios_name(tvb_get_ptr(tvb, offset, 16), netbios_name, netbios_name_len);
|
netbios_name_type = process_netbios_name(tvb_get_ptr(tvb, offset, 16), netbios_name, netbios_name_len);
|
||||||
g_snprintf(address_str, 255, "%s<%02x>", netbios_name, netbios_name_type);
|
g_snprintf(address_str, ADDRESS_STR_BUFSIZ, "%s<%02x>", netbios_name, netbios_name_type);
|
||||||
it=proto_tree_add_string_format(tree, hf_krb_address_netbios, tvb, offset, 16, netbios_name, "NetBIOS Name: %s (%s)", address_str, netbios_name_type_descr(netbios_name_type));
|
it=proto_tree_add_string_format(tree, hf_krb_address_netbios, tvb, offset, 16, netbios_name, "NetBIOS Name: %s (%s)", address_str, netbios_name_type_descr(netbios_name_type));
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case KRB5_ADDR_IPv6:
|
case KRB5_ADDR_IPv6:
|
||||||
it=proto_tree_add_item(tree, hf_krb_address_ipv6, tvb, offset, INET6_ADDRLEN, ENC_NA);
|
it=proto_tree_add_item(tree, hf_krb_address_ipv6, tvb, offset, INET6_ADDRLEN, ENC_NA);
|
||||||
g_snprintf(address_str, 256, "%s", ip6_to_str((const struct e_in6_addr *)tvb_get_ptr(tvb, offset, INET6_ADDRLEN)));
|
g_snprintf(address_str, ADDRESS_STR_BUFSIZ, "%s", ip6_to_str((const struct e_in6_addr *)tvb_get_ptr(tvb, offset, INET6_ADDRLEN)));
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
proto_tree_add_text(tree, tvb, offset, len, "KRB Address: I dont know how to parse this type of address yet");
|
proto_tree_add_text(tree, tvb, offset, len, "KRB Address: I dont know how to parse this type of address yet");
|
||||||
|
@ -172,4 +195,181 @@ proto_tree *sub_tree=tree;
|
||||||
#.TYPE_ATTR
|
#.TYPE_ATTR
|
||||||
#xxx TYPE = FT_UINT16 DISPLAY = BASE_DEC STRINGS = VALS(xx_vals)
|
#xxx TYPE = FT_UINT16 DISPLAY = BASE_DEC STRINGS = VALS(xx_vals)
|
||||||
|
|
||||||
|
#.FN_BODY ENCTYPE
|
||||||
|
actx->value_ptr = ep_alloc(sizeof(guint32));
|
||||||
|
|
||||||
|
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
|
||||||
|
actx->value_ptr);
|
||||||
|
|
||||||
|
#.FN_BODY EncryptedTicketData/cipher
|
||||||
|
/**/#ifdef HAVE_KERBEROS
|
||||||
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_ticket_data);
|
||||||
|
/**/#else
|
||||||
|
%(DEFAULT_BODY)s
|
||||||
|
/**/#endif
|
||||||
|
return offset;
|
||||||
|
|
||||||
|
#.FN_BODY EncryptedAuthorizationData/cipher
|
||||||
|
/**/#ifdef HAVE_KERBEROS
|
||||||
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_authenticator_data);
|
||||||
|
/**/#else
|
||||||
|
%(DEFAULT_BODY)s
|
||||||
|
/**/#endif
|
||||||
|
return offset;
|
||||||
|
|
||||||
|
#.FN_BODY EncryptedKDCREPData/cipher
|
||||||
|
/**/#ifdef HAVE_KERBEROS
|
||||||
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KDC_REP_data);
|
||||||
|
/**/#else
|
||||||
|
%(DEFAULT_BODY)s
|
||||||
|
/**/#endif
|
||||||
|
return offset;
|
||||||
|
|
||||||
|
#.FN_BODY PA-ENC-TIMESTAMP/cipher
|
||||||
|
/**/#ifdef HAVE_KERBEROS
|
||||||
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PA_ENC_TIMESTAMP);
|
||||||
|
/**/#else
|
||||||
|
%(DEFAULT_BODY)s
|
||||||
|
/**/#endif
|
||||||
|
return offset;
|
||||||
|
|
||||||
|
#.FN_BODY EncryptedAPREPData/cipher
|
||||||
|
/**/#ifdef HAVE_KERBEROS
|
||||||
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_AP_REP_data);
|
||||||
|
/**/#else
|
||||||
|
%(DEFAULT_BODY)s
|
||||||
|
/**/#endif
|
||||||
|
return offset;
|
||||||
|
|
||||||
|
#.FN_BODY EncryptedKrbPrivData/cipher
|
||||||
|
/**/#ifdef HAVE_KERBEROS
|
||||||
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PRIV_data);
|
||||||
|
/**/#else
|
||||||
|
%(DEFAULT_BODY)s
|
||||||
|
/**/#endif
|
||||||
|
return offset;
|
||||||
|
|
||||||
|
#.FN_BODY EncryptedKrbCredData/cipher
|
||||||
|
/**/#ifdef HAVE_KERBEROS
|
||||||
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_CRED_data);
|
||||||
|
/**/#else
|
||||||
|
%(DEFAULT_BODY)s
|
||||||
|
/**/#endif
|
||||||
|
return offset;
|
||||||
|
|
||||||
|
|
||||||
|
#.FN_BODY CKSUMTYPE
|
||||||
|
actx->value_ptr = ep_alloc(sizeof(guint32));
|
||||||
|
|
||||||
|
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
|
||||||
|
actx->value_ptr);
|
||||||
|
|
||||||
|
#.FN_BODY Checksum/checksum
|
||||||
|
tvbuff_t *next_tvb;
|
||||||
|
guint32 checksum_type = 0;
|
||||||
|
|
||||||
|
if (actx->value_ptr) {
|
||||||
|
checksum_type = *((guint32*)actx->value_ptr);
|
||||||
|
}
|
||||||
|
|
||||||
|
switch(checksum_type){
|
||||||
|
case KRB5_CHKSUM_GSSAPI:
|
||||||
|
offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &next_tvb);
|
||||||
|
dissect_krb5_rfc1964_checksum(actx, tree, next_tvb);
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, NULL);
|
||||||
|
}
|
||||||
|
return offset;
|
||||||
|
|
||||||
|
#.FN_BODY EncryptionKey/keytype
|
||||||
|
kerberos_key_t* key = ep_alloc(sizeof(kerberos_key_t));
|
||||||
|
actx->value_ptr = key;
|
||||||
|
|
||||||
|
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
|
||||||
|
key->keytype);
|
||||||
|
|
||||||
|
#.FN_BODY EncryptionKey/keyvalue
|
||||||
|
kerberos_key_t* key = (kerberos_key_t*)actx->value_ptr;
|
||||||
|
|
||||||
|
if (key != NULL) {
|
||||||
|
key->keylength = tvb_length_remaining(tvb, offset);
|
||||||
|
key->keyvalue = tvb_get_ptr(tvb, offset, key->keylength);
|
||||||
|
}
|
||||||
|
|
||||||
|
%(DEFAULT_BODY)s
|
||||||
|
|
||||||
|
#.FN_BODY EncryptionKey
|
||||||
|
kerberos_key_t* key = (kerberos_key_t*)actx->value_ptr;
|
||||||
|
|
||||||
|
%(DEFAULT_BODY)s
|
||||||
|
|
||||||
|
if (key != NULL) {
|
||||||
|
add_encryption_key(actx->pinfo, key->keytype, key->keylength, key->keyvalue, "key");
|
||||||
|
}
|
||||||
|
|
||||||
|
#.FN_BODY AuthorizationData/_item/ad-type
|
||||||
|
actx->value_ptr = ep_alloc(sizeof(guint32));
|
||||||
|
|
||||||
|
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
|
||||||
|
actx->value_ptr);
|
||||||
|
|
||||||
|
#.FN_BODY AuthorizationData/_item/ad-data
|
||||||
|
guint32 adtype = 0;
|
||||||
|
|
||||||
|
if (actx->value_ptr) {
|
||||||
|
adtype = *((guint32*)actx->value_ptr);
|
||||||
|
}
|
||||||
|
|
||||||
|
switch(adtype){
|
||||||
|
case KRB5_AD_IF_RELEVANT:
|
||||||
|
offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_IF_RELEVANT);
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
offset=dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
|
||||||
|
}
|
||||||
|
|
||||||
|
#.FN_BODY HostAddress/addr-type
|
||||||
|
actx->value_ptr = ep_alloc(sizeof(guint32));
|
||||||
|
|
||||||
|
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
|
||||||
|
actx->value_ptr);
|
||||||
|
|
||||||
|
|
||||||
|
#.FN_BODY KDC-REQ-BODY
|
||||||
|
conversation_t *conversation;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* UDP replies to KDC_REQs are sent from the server back to the client's
|
||||||
|
* source port, similar to the way TFTP works. Set up a conversation
|
||||||
|
* accordingly.
|
||||||
|
*
|
||||||
|
* Ref: Section 7.2.1 of
|
||||||
|
* http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-clarifications-07.txt
|
||||||
|
*/
|
||||||
|
if (actx->pinfo->destport == UDP_PORT_KERBEROS && actx->pinfo->ptype == PT_UDP) {
|
||||||
|
conversation = find_conversation(actx->pinfo->fd->num, &actx->pinfo->src, &actx->pinfo->dst, PT_UDP,
|
||||||
|
actx->pinfo->srcport, 0, NO_PORT_B);
|
||||||
|
if (conversation == NULL) {
|
||||||
|
conversation = conversation_new(actx->pinfo->fd->num, &actx->pinfo->src, &actx->pinfo->dst, PT_UDP,
|
||||||
|
actx->pinfo->srcport, 0, NO_PORT2);
|
||||||
|
conversation_set_dissector(conversation, kerberos_handle_udp);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
%(DEFAULT_BODY)s
|
||||||
|
|
||||||
|
#.FN_BODY KRB-SAFE-BODY/user-data
|
||||||
|
tvbuff_t *new_tvb;
|
||||||
|
offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb);
|
||||||
|
if (new_tvb) {
|
||||||
|
call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_SAFE_USER_DATA);
|
||||||
|
}
|
||||||
|
|
||||||
|
#.FN_BODY EncKrbPrivPart/user-data
|
||||||
|
tvbuff_t *new_tvb;
|
||||||
|
offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb);
|
||||||
|
if (new_tvb) {
|
||||||
|
call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_PRIV_USER_DATA);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
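Review bot: In `#.FN_BODY EncryptionKey`, `key` is read from `actx->value_ptr` before `%(DEFAULT_BODY)s` runs, so it holds whatever an earlier field left there (for example the `sizeof(guint32)` buffer allocated by the ENCTYPE or PADATA-TYPE bodies) rather than the `kerberos_key_t` that `EncryptionKey/keytype` allocates during the default body. `add_encryption_key()` can then be handed `keylength` and `keyvalue` read from beyond a 4-byte allocation, or from a previous key. Clearing the slot first and reading it afterwards avoids this: put `actx->value_ptr = NULL;` before `%(DEFAULT_BODY)s` and `key = (kerberos_key_t*)actx->value_ptr;` after it. Separately, `EncryptionKey/keytype` passes `key->keytype` to `dissect_ber_integer()` where every other body on this page passes a pointer; unless `keytype` is itself a pointer in `kerberos_key_t` (its definition is not visible here), this should be `&key->keytype`.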
File diff suppressed because it is too large
|
@ -23,8 +23,10 @@
|
||||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#ifndef PACKET_KERBEROS_H
|
#ifndef __PACKET_KERBEROS_H
|
||||||
#define PACKET_KERBEROS_H
|
#define __PACKET_KERBEROS_H
|
||||||
|
|
||||||
|
#include "ws_symbol_export.h"
|
||||||
|
|
||||||
/* This is a list of callback functions a caller can use to specify that
|
/* This is a list of callback functions a caller can use to specify that
|
||||||
octet strings in kerberos to be passed back to application specific
|
octet strings in kerberos to be passed back to application specific
|
||||||
|
@ -81,8 +83,7 @@ extern enc_key_t *enc_key_list;
|
||||||
guint8 *
|
guint8 *
|
||||||
decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
|
decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
|
||||||
int usage,
|
int usage,
|
||||||
int length,
|
tvbuff_t *crypototvb,
|
||||||
const guint8 *cryptotext,
|
|
||||||
int keytype,
|
int keytype,
|
||||||
int *datalen);
|
int *datalen);
|
||||||
|
|
||||||
|
@ -90,11 +91,14 @@ decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
|
||||||
|
|
||||||
extern gboolean krb_decrypt;
|
extern gboolean krb_decrypt;
|
||||||
|
|
||||||
|
WS_DLL_PUBLIC
|
||||||
|
void read_keytab_file_from_preferences(void);
|
||||||
|
|
||||||
#endif /* HAVE_KERBEROS */
|
#endif /* HAVE_KERBEROS */
|
||||||
|
|
||||||
|
|
||||||
#include "packet-kerberos-exp.h"
|
#include "packet-kerberos-exp.h"
|
||||||
|
|
||||||
#endif /* PACKET_KERBEROS_H */
|
#endif /* __PACKET_KERBEROS_H */
|
||||||
|
|
||||||
|
|
||||||
|
|
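Review bot: The new include guard `__PACKET_KERBEROS_H` uses a double-underscore name, which C reserves for the implementation; the previous `PACKET_KERBEROS_H` was already fine and can be kept in the `#ifndef`, the `#define` and the closing `#endif` comment. In the `decrypt_krb5_data` prototype the new parameter is spelled `crypototvb`, where `cryptotvb` was presumably intended. Since the explicit `length`/`cryptotext` pair is gone, a short comment on the prototype should state that the ciphertext bounds now come from the tvb, and say what `*datalen` and the returned buffer mean on failure.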