krb5: add TGT-REQ/TGT-REP dissection per the U2U RFC draft

https://datatracker.ietf.org/doc/html/draft-swift-win2k-krb-user2user-03
Isaac Boukris 2021-05-22 15:58:38 +03:00 committed by Wireshark GitLab Utility
parent 33a61d14b5
commit f94f22b7f8
8 changed files with 142 additions and 49 deletions


@ -500,4 +500,17 @@ AD-AND-OR ::= SEQUENCE {
AD-MANDATORY-FOR-KDC ::= AuthorizationData
TGT-REQ ::= SEQUENCE {
pvno [0] INTEGER (5),
msg-type [1] MESSAGE-TYPE (16),
server-name [2] PrincipalName OPTIONAL,
realm [3] Realm OPTIONAL
}
TGT-REP ::= SEQUENCE {
pvno [0] INTEGER (5),
msg-type [1] MESSAGE-TYPE (17),
ticket [2] Ticket
}
END
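Review bot: TGT-REQ and TGT-REP are added just before `END` with no comment saying where they come from, although they are defined by the user-to-user draft linked in the commit message and not by the specification the surrounding types appear to follow. A one-line comment above `TGT-REQ ::= SEQUENCE {` would keep that provenance with the definitions, for example `-- User-to-user TGT exchange, see draft-swift-win2k-krb-user2user-03`. The same comment could say that the `(5)`, `(16)` and `(17)` constraints look descriptive only: the generated TGT_REQ_sequence and TGT_REP_sequence on this page call the generic `dissect_kerberos_INTEGER_5` and `dissect_kerberos_MESSAGE_TYPE`, so a mismatching msg-type would presumably be displayed rather than flagged.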


@ -35,6 +35,8 @@ MESSAGE-TYPE ::= INTEGER {
krb-tgs-rep(13), -- Response to KRB_TGS_REQ request
krb-ap-req(14), -- application request to server
krb-ap-rep(15), -- Response to KRB_AP_REQ_MUTUAL
krb-tgt-req(16), -- TGT-REQ used in U2U
krb-tgt-rep(17), -- TGT-REP used in U2U
krb-safe(20), -- Safe (checksummed) application message
krb-priv(21), -- Private (encrypted) application message
krb-cred(22), -- Private (encrypted) message to forward credentials


@ -5,6 +5,8 @@
#.EXPORTS
ChangePasswdData
Applications ONLY_ENUM
TGT-REQ
TGT-REP
#.FIELD_RENAME
Authenticator/_untag/subkey authenticator_subkey


@ -2449,6 +2449,8 @@ decrypt_krb5_krb_cfx_dce(proto_tree *tree _U_,
#define KRB5_MSG_TGS_REP 13 /* TGS-REP type */
#define KRB5_MSG_AP_REQ 14 /* AP-REQ type */
#define KRB5_MSG_AP_REP 15 /* AP-REP type */
#define KRB5_MSG_TGT_REQ 16 /* TGT-REQ type */
#define KRB5_MSG_TGT_REP 17 /* TGT-REP type */
#define KRB5_MSG_SAFE 20 /* KRB-SAFE type */
#define KRB5_MSG_PRIV 21 /* KRB-PRIV type */
@ -2679,6 +2681,8 @@ static const value_string krb5_msg_types[] = {
{ KRB5_MSG_AS_REP, "AS-REP" },
{ KRB5_MSG_AP_REQ, "AP-REQ" },
{ KRB5_MSG_AP_REP, "AP-REP" },
{ KRB5_MSG_TGT_REQ, "TGT-REQ" },
{ KRB5_MSG_TGT_REP, "TGT-REP" },
{ KRB5_MSG_SAFE, "KRB-SAFE" },
{ KRB5_MSG_PRIV, "KRB-PRIV" },
{ KRB5_MSG_CRED, "KRB-CRED" },


@ -108,6 +108,8 @@ static int dissect_spnego_NegTokenInit2(gboolean implicit_tag, tvbuff_t *tvb,
#define KRB_TOKEN_GETMIC 0x0101
#define KRB_TOKEN_WRAP 0x0102
#define KRB_TOKEN_DELETE_SEC_CONTEXT 0x0201
#define KRB_TOKEN_TGT_REQ 0x0004
#define KRB_TOKEN_TGT_REP 0x0104
#define KRB_TOKEN_CFX_GETMIC 0x0404
#define KRB_TOKEN_CFX_WRAP 0x0405
@ -118,6 +120,8 @@ static const value_string spnego_krb5_tok_id_vals[] = {
{ KRB_TOKEN_GETMIC, "KRB5_GSS_GetMIC" },
{ KRB_TOKEN_WRAP, "KRB5_GSS_Wrap" },
{ KRB_TOKEN_DELETE_SEC_CONTEXT, "KRB5_GSS_Delete_sec_context" },
{ KRB_TOKEN_TGT_REQ, "KERB_TGT_REQUEST" },
{ KRB_TOKEN_TGT_REP, "KERB_TGT_REPLY" },
{ KRB_TOKEN_CFX_GETMIC, "KRB_TOKEN_CFX_GetMic" },
{ KRB_TOKEN_CFX_WRAP, "KRB_TOKEN_CFX_WRAP" },
{ 0, NULL}
@ -264,6 +268,13 @@ dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* d
switch (token_id) {
case KRB_TOKEN_TGT_REQ:
offset = dissect_kerberos_TGT_REQ(FALSE, tvb, offset, &asn1_ctx, subtree, -1);
break;
case KRB_TOKEN_TGT_REP:
offset = dissect_kerberos_TGT_REP(FALSE, tvb, offset, &asn1_ctx, subtree, -1);
break;
case KRB_TOKEN_AP_REQ:
case KRB_TOKEN_AP_REP:
case KRB_TOKEN_AP_ERR:
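Review bot: The two new cases in the `switch (token_id)` of dissect_spnego_krb5 call `dissect_kerberos_TGT_REQ` and `dissect_kerberos_TGT_REP` directly on the SPNEGO `asn1_ctx`, so any per-packet state the Kerberos dissector's own entry point sets up is not initialised on this path. In the generated code on this page both sequences run `dissect_kerberos_MESSAGE_TYPE`, which calls `kerberos_get_private_data(actx)` and then reads the file-scope `gbl_do_col_info` before writing COL_INFO. From here that flag presumably holds whatever the last Kerberos dissection left in it, so whether the Info column of a SPNEGO packet is overwritten may depend on earlier packets, and the private-data call is only safe if that helper allocates on first use; neither is visible in the diff, so both need confirming. A comment on the first case would record why these differ from the AP-REQ cases below, e.g. `/* U2U TGT-REQ/TGT-REP are plain SEQUENCEs without an APPLICATION tag, so they are decoded here directly */`. The switch continues outside the hunk, and the same lines recur in the generated SPNEGO section further down the page.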


@ -417,6 +417,7 @@ static int hf_kerberos_ETYPE_INFO_item = -1; /* ETYPE_INFO_ENTRY */
static int hf_kerberos_info2_salt = -1; /* KerberosString */
static int hf_kerberos_s2kparams = -1; /* OCTET_STRING */
static int hf_kerberos_ETYPE_INFO2_item = -1; /* ETYPE_INFO2_ENTRY */
static int hf_kerberos_server_name = -1; /* PrincipalName */
static int hf_kerberos_include_pac = -1; /* BOOLEAN */
static int hf_kerberos_name = -1; /* PrincipalName */
static int hf_kerberos_auth = -1; /* GeneralString */
@ -598,6 +599,8 @@ static gint ett_kerberos_ETYPE_INFO_ENTRY = -1;
static gint ett_kerberos_ETYPE_INFO = -1;
static gint ett_kerberos_ETYPE_INFO2_ENTRY = -1;
static gint ett_kerberos_ETYPE_INFO2 = -1;
static gint ett_kerberos_TGT_REQ = -1;
static gint ett_kerberos_TGT_REP = -1;
static gint ett_kerberos_APOptions = -1;
static gint ett_kerberos_TicketFlags = -1;
static gint ett_kerberos_KDCOptions = -1;
@ -2889,6 +2892,8 @@ decrypt_krb5_krb_cfx_dce(proto_tree *tree _U_,
#define KRB5_MSG_TGS_REP 13 /* TGS-REP type */
#define KRB5_MSG_AP_REQ 14 /* AP-REQ type */
#define KRB5_MSG_AP_REP 15 /* AP-REP type */
#define KRB5_MSG_TGT_REQ 16 /* TGT-REQ type */
#define KRB5_MSG_TGT_REP 17 /* TGT-REP type */
#define KRB5_MSG_SAFE 20 /* KRB-SAFE type */
#define KRB5_MSG_PRIV 21 /* KRB-PRIV type */
@ -3119,6 +3124,8 @@ static const value_string krb5_msg_types[] = {
{ KRB5_MSG_AS_REP, "AS-REP" },
{ KRB5_MSG_AP_REQ, "AP-REQ" },
{ KRB5_MSG_AP_REP, "AP-REP" },
{ KRB5_MSG_TGT_REQ, "TGT-REQ" },
{ KRB5_MSG_TGT_REP, "TGT-REP" },
{ KRB5_MSG_SAFE, "KRB-SAFE" },
{ KRB5_MSG_PRIV, "KRB-PRIV" },
{ KRB5_MSG_CRED, "KRB-CRED" },
@ -4398,7 +4405,7 @@ static const value_string kerberos_ENCTYPE_vals[] = {
static int
dissect_kerberos_ENCTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 313 "./asn1/kerberos/kerberos.cnf"
#line 315 "./asn1/kerberos/kerberos.cnf"
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
&(private_data->etype));
@ -4423,7 +4430,7 @@ dissect_kerberos_UInt32(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset
static int
dissect_kerberos_T_encryptedTicketData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 317 "./asn1/kerberos/kerberos.cnf"
#line 319 "./asn1/kerberos/kerberos.cnf"
#ifdef HAVE_KERBEROS
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_ticket_data);
#else
@ -4550,7 +4557,7 @@ static const value_string kerberos_CKSUMTYPE_vals[] = {
static int
dissect_kerberos_CKSUMTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 373 "./asn1/kerberos/kerberos.cnf"
#line 375 "./asn1/kerberos/kerberos.cnf"
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
&(private_data->checksum_type));
@ -4565,7 +4572,7 @@ dissect_kerberos_CKSUMTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int off
static int
dissect_kerberos_T_checksum(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 377 "./asn1/kerberos/kerberos.cnf"
#line 379 "./asn1/kerberos/kerberos.cnf"
tvbuff_t *next_tvb;
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
@ -4632,7 +4639,7 @@ dissect_kerberos_Int32(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset
static int
dissect_kerberos_T_keytype(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 391 "./asn1/kerberos/kerberos.cnf"
#line 393 "./asn1/kerberos/kerberos.cnf"
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
private_data->key_hidden_item = proto_tree_add_item(tree, hf_krb_key_hidden_item,
@ -4654,7 +4661,7 @@ dissect_kerberos_T_keytype(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int off
static int
dissect_kerberos_T_keyvalue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 404 "./asn1/kerberos/kerberos.cnf"
#line 406 "./asn1/kerberos/kerberos.cnf"
tvbuff_t *out_tvb;
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
@ -4681,7 +4688,7 @@ static const ber_sequence_t EncryptionKey_sequence[] = {
static int
dissect_kerberos_EncryptionKey(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 415 "./asn1/kerberos/kerberos.cnf"
#line 417 "./asn1/kerberos/kerberos.cnf"
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
#ifdef HAVE_KERBEROS
int start_offset = offset;
@ -4711,7 +4718,7 @@ dissect_kerberos_EncryptionKey(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int
static int
dissect_kerberos_T_authenticator_subkey(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 434 "./asn1/kerberos/kerberos.cnf"
#line 436 "./asn1/kerberos/kerberos.cnf"
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
@ -4760,7 +4767,7 @@ static const value_string kerberos_AUTHDATA_TYPE_vals[] = {
static int
dissect_kerberos_AUTHDATA_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 503 "./asn1/kerberos/kerberos.cnf"
#line 505 "./asn1/kerberos/kerberos.cnf"
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
&(private_data->ad_type));
@ -4775,7 +4782,7 @@ dissect_kerberos_AUTHDATA_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int
static int
dissect_kerberos_T_ad_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 507 "./asn1/kerberos/kerberos.cnf"
#line 509 "./asn1/kerberos/kerberos.cnf"
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
switch(private_data->ad_type){
@ -4905,7 +4912,7 @@ dissect_kerberos_TicketFlags(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int o
static int
dissect_kerberos_T_encTicketPart_key(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 479 "./asn1/kerberos/kerberos.cnf"
#line 481 "./asn1/kerberos/kerberos.cnf"
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
@ -4964,7 +4971,7 @@ static const value_string kerberos_ADDR_TYPE_vals[] = {
static int
dissect_kerberos_ADDR_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 540 "./asn1/kerberos/kerberos.cnf"
#line 542 "./asn1/kerberos/kerberos.cnf"
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
&(private_data->addr_type));
@ -4979,7 +4986,7 @@ dissect_kerberos_ADDR_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int off
static int
dissect_kerberos_T_address(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 262 "./asn1/kerberos/kerberos.cnf"
#line 264 "./asn1/kerberos/kerberos.cnf"
gint8 appclass;
gboolean pc;
gint32 tag;
@ -5102,6 +5109,8 @@ static const value_string kerberos_MESSAGE_TYPE_vals[] = {
{ 13, "krb-tgs-rep" },
{ 14, "krb-ap-req" },
{ 15, "krb-ap-rep" },
{ 16, "krb-tgt-req" },
{ 17, "krb-tgt-rep" },
{ 20, "krb-safe" },
{ 21, "krb-priv" },
{ 22, "krb-cred" },
@ -5112,7 +5121,7 @@ static const value_string kerberos_MESSAGE_TYPE_vals[] = {
static int
dissect_kerberos_MESSAGE_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 96 "./asn1/kerberos/kerberos.cnf"
#line 98 "./asn1/kerberos/kerberos.cnf"
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
guint32 msgtype;
@ -5122,7 +5131,7 @@ dissect_kerberos_MESSAGE_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int
#line 102 "./asn1/kerberos/kerberos.cnf"
#line 104 "./asn1/kerberos/kerberos.cnf"
if (gbl_do_col_info) {
col_add_str(actx->pinfo->cinfo, COL_INFO,
val_to_str(msgtype, krb5_msg_types,
@ -5215,14 +5224,14 @@ static const value_string kerberos_PADATA_TYPE_vals[] = {
static int
dissect_kerberos_PADATA_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 161 "./asn1/kerberos/kerberos.cnf"
#line 163 "./asn1/kerberos/kerberos.cnf"
kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
&(private_data->padata_type));
#line 164 "./asn1/kerberos/kerberos.cnf"
#line 166 "./asn1/kerberos/kerberos.cnf"
if(tree){
proto_item_append_text(tree, " %s",
val_to_str(private_data->padata_type, kerberos_PADATA_TYPE_vals,
@ -5237,7 +5246,7 @@ dissect_kerberos_PADATA_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int o
static int
dissect_kerberos_T_padata_value(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 171 "./asn1/kerberos/kerberos.cnf"
#line 173 "./asn1/kerberos/kerberos.cnf"
proto_tree *sub_tree=tree;
kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
@ -5424,7 +5433,7 @@ dissect_kerberos_SEQUENCE_OF_ENCTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U
static int
dissect_kerberos_T_encryptedAuthorizationData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 324 "./asn1/kerberos/kerberos.cnf"
#line 326 "./asn1/kerberos/kerberos.cnf"
#ifdef HAVE_KERBEROS
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_authorization_data);
#else
@ -5486,7 +5495,7 @@ static const ber_sequence_t KDC_REQ_BODY_sequence[] = {
static int
dissect_kerberos_KDC_REQ_BODY(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 544 "./asn1/kerberos/kerberos.cnf"
#line 546 "./asn1/kerberos/kerberos.cnf"
conversation_t *conversation;
/*
@ -5547,7 +5556,7 @@ dissect_kerberos_AS_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset
static int
dissect_kerberos_T_encryptedKDCREPData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 338 "./asn1/kerberos/kerberos.cnf"
#line 340 "./asn1/kerberos/kerberos.cnf"
#ifdef HAVE_KERBEROS
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KDC_REP_data);
#else
@ -5648,7 +5657,7 @@ dissect_kerberos_APOptions(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int off
static int
dissect_kerberos_T_encryptedAuthenticator_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 331 "./asn1/kerberos/kerberos.cnf"
#line 333 "./asn1/kerberos/kerberos.cnf"
#ifdef HAVE_KERBEROS
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_authenticator_data);
#else
@ -5710,7 +5719,7 @@ dissect_kerberos_AP_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset
static int
dissect_kerberos_T_encryptedAPREPData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 352 "./asn1/kerberos/kerberos.cnf"
#line 354 "./asn1/kerberos/kerberos.cnf"
#ifdef HAVE_KERBEROS
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_AP_REP_data);
#else
@ -5770,7 +5779,7 @@ dissect_kerberos_AP_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset
static int
dissect_kerberos_T_kRB_SAFE_BODY_user_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 567 "./asn1/kerberos/kerberos.cnf"
#line 569 "./asn1/kerberos/kerberos.cnf"
kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
tvbuff_t *new_tvb;
offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb);
@ -5833,7 +5842,7 @@ dissect_kerberos_KRB_SAFE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offs
static int
dissect_kerberos_T_encryptedKrbPrivData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 359 "./asn1/kerberos/kerberos.cnf"
#line 361 "./asn1/kerberos/kerberos.cnf"
#ifdef HAVE_KERBEROS
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PRIV_data);
#else
@ -5893,7 +5902,7 @@ dissect_kerberos_KRB_PRIV(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offs
static int
dissect_kerberos_T_encryptedKrbCredData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 366 "./asn1/kerberos/kerberos.cnf"
#line 368 "./asn1/kerberos/kerberos.cnf"
#ifdef HAVE_KERBEROS
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_CRED_data);
#else
@ -5954,7 +5963,7 @@ dissect_kerberos_KRB_CRED(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offs
static int
dissect_kerberos_T_encKDCRepPart_key(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 458 "./asn1/kerberos/kerberos.cnf"
#line 460 "./asn1/kerberos/kerberos.cnf"
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
@ -6048,14 +6057,14 @@ dissect_kerberos_METHOD_DATA(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int o
static int
dissect_kerberos_T_encrypted_pa_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 583 "./asn1/kerberos/kerberos.cnf"
#line 585 "./asn1/kerberos/kerberos.cnf"
kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
private_data->is_enc_padata = TRUE;
offset = dissect_kerberos_METHOD_DATA(implicit_tag, tvb, offset, actx, tree, hf_index);
#line 587 "./asn1/kerberos/kerberos.cnf"
#line 589 "./asn1/kerberos/kerberos.cnf"
private_data->is_enc_padata = FALSE;
@ -6112,7 +6121,7 @@ dissect_kerberos_EncTGSRepPart(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int
static int
dissect_kerberos_T_encAPRepPart_subkey(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 446 "./asn1/kerberos/kerberos.cnf"
#line 448 "./asn1/kerberos/kerberos.cnf"
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
@ -6161,7 +6170,7 @@ dissect_kerberos_EncAPRepPart(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int
static int
dissect_kerberos_T_encKrbPrivPart_user_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 575 "./asn1/kerberos/kerberos.cnf"
#line 577 "./asn1/kerberos/kerberos.cnf"
kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
tvbuff_t *new_tvb;
offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb);
@ -6207,7 +6216,7 @@ dissect_kerberos_ENC_KRB_PRIV_PART(gboolean implicit_tag _U_, tvbuff_t *tvb _U_,
static int
dissect_kerberos_T_krbCredInfo_key(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 491 "./asn1/kerberos/kerberos.cnf"
#line 493 "./asn1/kerberos/kerberos.cnf"
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
@ -6396,7 +6405,7 @@ static const value_string kerberos_ERROR_CODE_vals[] = {
static int
dissect_kerberos_ERROR_CODE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 118 "./asn1/kerberos/kerberos.cnf"
#line 120 "./asn1/kerberos/kerberos.cnf"
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
&private_data->errorcode);
@ -6404,7 +6413,7 @@ dissect_kerberos_ERROR_CODE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int of
#line 122 "./asn1/kerberos/kerberos.cnf"
#line 124 "./asn1/kerberos/kerberos.cnf"
if (private_data->errorcode) {
col_add_fstr(actx->pinfo->cinfo, COL_INFO,
"KRB Error: %s",
@ -6420,7 +6429,7 @@ dissect_kerberos_ERROR_CODE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int of
static int
dissect_kerberos_T_e_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 131 "./asn1/kerberos/kerberos.cnf"
#line 133 "./asn1/kerberos/kerberos.cnf"
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
switch (private_data->errorcode) {
@ -6528,7 +6537,7 @@ dissect_kerberos_Applications(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int
static int
dissect_kerberos_T_pA_ENC_TIMESTAMP_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 345 "./asn1/kerberos/kerberos.cnf"
#line 347 "./asn1/kerberos/kerberos.cnf"
#ifdef HAVE_KERBEROS
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PA_ENC_TIMESTAMP);
#else
@ -6625,6 +6634,39 @@ dissect_kerberos_AD_IF_RELEVANT(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, in
}
static const ber_sequence_t TGT_REQ_sequence[] = {
{ &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
{ &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE },
{ &hf_kerberos_server_name, BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_PrincipalName },
{ &hf_kerberos_realm , BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_Realm },
{ NULL, 0, 0, 0, NULL }
};
int
dissect_kerberos_TGT_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
TGT_REQ_sequence, hf_index, ett_kerberos_TGT_REQ);
return offset;
}
static const ber_sequence_t TGT_REP_sequence[] = {
{ &hf_kerberos_pvno , BER_CLASS_CON, 0, 0, dissect_kerberos_INTEGER_5 },
{ &hf_kerberos_msg_type , BER_CLASS_CON, 1, 0, dissect_kerberos_MESSAGE_TYPE },
{ &hf_kerberos_ticket , BER_CLASS_CON, 2, 0, dissect_kerberos_Ticket },
{ NULL, 0, 0, 0, NULL }
};
int
dissect_kerberos_TGT_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
TGT_REP_sequence, hf_index, ett_kerberos_TGT_REP);
return offset;
}
static int
dissect_kerberos_BOOLEAN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
@ -6679,7 +6721,7 @@ dissect_kerberos_PA_S4U2Self(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int o
static int
dissect_kerberos_T_subject_certificate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 537 "./asn1/kerberos/kerberos.cnf"
#line 539 "./asn1/kerberos/kerberos.cnf"
offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset,hf_index, dissect_x509af_Certificate);
@ -6830,7 +6872,7 @@ static const value_string kerberos_KrbFastArmorTypes_vals[] = {
static int
dissect_kerberos_KrbFastArmorTypes(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 614 "./asn1/kerberos/kerberos.cnf"
#line 616 "./asn1/kerberos/kerberos.cnf"
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
&(private_data->fast_type));
@ -6845,7 +6887,7 @@ dissect_kerberos_KrbFastArmorTypes(gboolean implicit_tag _U_, tvbuff_t *tvb _U_,
static int
dissect_kerberos_T_armor_value(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 618 "./asn1/kerberos/kerberos.cnf"
#line 620 "./asn1/kerberos/kerberos.cnf"
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
switch(private_data->fast_type){
@ -6883,7 +6925,7 @@ dissect_kerberos_KrbFastArmor(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int
static int
dissect_kerberos_T_encryptedKrbFastReq_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 590 "./asn1/kerberos/kerberos.cnf"
#line 592 "./asn1/kerberos/kerberos.cnf"
#ifdef HAVE_KERBEROS
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KrbFastReq);
#else
@ -6949,7 +6991,7 @@ dissect_kerberos_PA_FX_FAST_REQUEST(gboolean implicit_tag _U_, tvbuff_t *tvb _U_
static int
dissect_kerberos_T_encryptedKrbFastResponse_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 598 "./asn1/kerberos/kerberos.cnf"
#line 600 "./asn1/kerberos/kerberos.cnf"
#ifdef HAVE_KERBEROS
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KrbFastResponse);
#else
@ -7013,7 +7055,7 @@ dissect_kerberos_PA_FX_FAST_REPLY(gboolean implicit_tag _U_, tvbuff_t *tvb _U_,
static int
dissect_kerberos_T_encryptedChallenge_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 606 "./asn1/kerberos/kerberos.cnf"
#line 608 "./asn1/kerberos/kerberos.cnf"
#ifdef HAVE_KERBEROS
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_EncryptedChallenge);
#else
@ -7214,7 +7256,7 @@ static const ber_choice_t PA_SPAKE_choice[] = {
static int
dissect_kerberos_PA_SPAKE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
#line 632 "./asn1/kerberos/kerberos.cnf"
#line 634 "./asn1/kerberos/kerberos.cnf"
kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
offset = dissect_ber_choice(actx, tree, tvb, offset,
PA_SPAKE_choice, hf_index, ett_kerberos_PA_SPAKE,
@ -7222,7 +7264,7 @@ dissect_kerberos_PA_SPAKE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offs
#line 635 "./asn1/kerberos/kerberos.cnf"
#line 637 "./asn1/kerberos/kerberos.cnf"
if(tree){
proto_item_append_text(tree, " %s",
val_to_str(private_data->padata_type, kerberos_PA_SPAKE_vals,
@ -7234,7 +7276,7 @@ dissect_kerberos_PA_SPAKE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offs
/*--- End of included file: packet-kerberos-fn.c ---*/
#line 3816 "./asn1/kerberos/packet-kerberos-template.c"
#line 3820 "./asn1/kerberos/packet-kerberos-template.c"
#ifdef HAVE_KERBEROS
static const ber_sequence_t PA_ENC_TS_ENC_sequence[] = {
@ -8516,6 +8558,10 @@ void proto_register_kerberos(void) {
{ "ETYPE-INFO2-ENTRY", "kerberos.ETYPE_INFO2_ENTRY_element",
FT_NONE, BASE_NONE, NULL, 0,
NULL, HFILL }},
{ &hf_kerberos_server_name,
{ "server-name", "kerberos.server_name_element",
FT_NONE, BASE_NONE, NULL, 0,
"PrincipalName", HFILL }},
{ &hf_kerberos_include_pac,
{ "include-pac", "kerberos.include_pac",
FT_BOOLEAN, BASE_NONE, NULL, 0,
@ -8910,7 +8956,7 @@ void proto_register_kerberos(void) {
NULL, HFILL }},
/*--- End of included file: packet-kerberos-hfarr.c ---*/
#line 4587 "./asn1/kerberos/packet-kerberos-template.c"
#line 4591 "./asn1/kerberos/packet-kerberos-template.c"
};
/* List of subtrees */
@ -8992,6 +9038,8 @@ void proto_register_kerberos(void) {
&ett_kerberos_ETYPE_INFO,
&ett_kerberos_ETYPE_INFO2_ENTRY,
&ett_kerberos_ETYPE_INFO2,
&ett_kerberos_TGT_REQ,
&ett_kerberos_TGT_REP,
&ett_kerberos_APOptions,
&ett_kerberos_TicketFlags,
&ett_kerberos_KDCOptions,
@ -9023,7 +9071,7 @@ void proto_register_kerberos(void) {
&ett_kerberos_PA_SPAKE,
/*--- End of included file: packet-kerberos-ettarr.c ---*/
#line 4614 "./asn1/kerberos/packet-kerberos-template.c"
#line 4618 "./asn1/kerberos/packet-kerberos-template.c"
};
static ei_register_info ei[] = {


@ -157,6 +157,8 @@ extern gboolean krb_decrypt;
#define KERBEROS_APPLICATIONS_ENCKRBPRIVPART 28
#define KERBEROS_APPLICATIONS_ENCKRBCREDPART 29
#define KERBEROS_APPLICATIONS_KRB_ERROR 30
int dissect_kerberos_TGT_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
int dissect_kerberos_TGT_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
int dissect_kerberos_ChangePasswdData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
/*--- End of included file: packet-kerberos-exp.h ---*/


@ -560,6 +560,8 @@ dissect_spnego_InitialContextToken(gboolean implicit_tag _U_, tvbuff_t *tvb _U_,
#define KRB_TOKEN_GETMIC 0x0101
#define KRB_TOKEN_WRAP 0x0102
#define KRB_TOKEN_DELETE_SEC_CONTEXT 0x0201
#define KRB_TOKEN_TGT_REQ 0x0004
#define KRB_TOKEN_TGT_REP 0x0104
#define KRB_TOKEN_CFX_GETMIC 0x0404
#define KRB_TOKEN_CFX_WRAP 0x0405
@ -570,6 +572,8 @@ static const value_string spnego_krb5_tok_id_vals[] = {
{ KRB_TOKEN_GETMIC, "KRB5_GSS_GetMIC" },
{ KRB_TOKEN_WRAP, "KRB5_GSS_Wrap" },
{ KRB_TOKEN_DELETE_SEC_CONTEXT, "KRB5_GSS_Delete_sec_context" },
{ KRB_TOKEN_TGT_REQ, "KERB_TGT_REQUEST" },
{ KRB_TOKEN_TGT_REP, "KERB_TGT_REPLY" },
{ KRB_TOKEN_CFX_GETMIC, "KRB_TOKEN_CFX_GetMic" },
{ KRB_TOKEN_CFX_WRAP, "KRB_TOKEN_CFX_WRAP" },
{ 0, NULL}
@ -716,6 +720,13 @@ dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* d
switch (token_id) {
case KRB_TOKEN_TGT_REQ:
offset = dissect_kerberos_TGT_REQ(FALSE, tvb, offset, &asn1_ctx, subtree, -1);
break;
case KRB_TOKEN_TGT_REP:
offset = dissect_kerberos_TGT_REP(FALSE, tvb, offset, &asn1_ctx, subtree, -1);
break;
case KRB_TOKEN_AP_REQ:
case KRB_TOKEN_AP_REP:
case KRB_TOKEN_AP_ERR:
@ -1928,7 +1939,7 @@ void proto_register_spnego(void) {
NULL, HFILL }},
/*--- End of included file: packet-spnego-hfarr.c ---*/
#line 1383 "./asn1/spnego/packet-spnego-template.c"
#line 1394 "./asn1/spnego/packet-spnego-template.c"
};
/* List of subtrees */
@ -1951,7 +1962,7 @@ void proto_register_spnego(void) {
&ett_spnego_InitialContextToken_U,
/*--- End of included file: packet-spnego-ettarr.c ---*/
#line 1393 "./asn1/spnego/packet-spnego-template.c"
#line 1404 "./asn1/spnego/packet-spnego-template.c"
};
static ei_register_info ei[] = {