start decoding PA_PW_SALT in the PA-DATA structure.

for the time being since i have never seen this salt being used elsewhere, assume everything is the MS style salt: guint32 nt_status guint32 unknown guint32 unknown if the MS KDC does nopt allow a client to grab a ticket (due to policy client can only log in at certain hours or such) KDC will repsond with a failuer with edata like above and nt-status == STATUS_LOGON_HOURS svn path=/trunk/; revision=17722
2006-03-24 21:41:01 +00:00 · 2006-03-24 21:41:01 +00:00 · fd58413224
parent 54f9da2135
commit fd58413224
1 changed files with 39 additions and 0 deletions
--- a/epan/dissectors/packet-kerberos.c
+++ b/epan/dissectors/packet-kerberos.c
@ -259,6 +259,8 @@ static gint hf_krb_gssapi_c_flag_replay = -1;
 static gint hf_krb_gssapi_c_flag_sequence = -1;
 static gint hf_krb_gssapi_c_flag_conf = -1;
 static gint hf_krb_gssapi_c_flag_integ = -1;
+static gint hf_krb_smb_nt_status = -1;
+static gint hf_krb_smb_unknown = -1;

 static gint ett_krb_kerberos = -1;
 static gint ett_krb_TransitedEncoding = -1;
@ -2064,6 +2066,33 @@ dissect_krb5_PA_ENCTYPE_INFO2(packet_info *pinfo, proto_tree *tree, tvbuff_t *tv
 	return offset;
 }

+
+static int
+dissect_krb5_PW_SALT(packet_info *pinfo _U_, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+	/* Microsoft stores a special 12 byte blob here
+	 * guint32 NT_status    
+	 * guint32 unknown
+	 * guint32 unknown
+	 * decode everything as this blob for now until we see if anyone
+	 * else ever uses it   or we learn how to tell wether this
+	 * is such an MS blob or not.
+	 */
+	proto_tree_add_item(tree, hf_krb_smb_nt_status, tvb, offset, 4,
+			TRUE);
+	offset += 4;
+
+	proto_tree_add_item(tree, hf_krb_smb_unknown, tvb, offset, 4,
+			TRUE);
+	offset += 4;
+
+	proto_tree_add_item(tree, hf_krb_smb_unknown, tvb, offset, 4,
+			TRUE);
+	offset += 4;
+
+	return offset;
+}
+
 /*
 * PA-DATA ::=        SEQUENCE {
 *          padata-type[1]        INTEGER,
@ -2120,6 +2149,9 @@ dissect_krb5_PA_DATA_value(packet_info *pinfo, proto_tree *parent_tree, tvbuff_t
 	case KRB5_PA_ENCTYPE_INFO2:
 		offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PA_ENCTYPE_INFO2);
 		break;
+	case KRB5_PA_PW_SALT:
+		offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PW_SALT);
+ 		break;
 	default:
 		offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, NULL);
 	}
@ -4604,6 +4636,13 @@ proto_register_kerberos(void)
 	{ &hf_krb_gssapi_dlglen, {
 	    "DlgLen", "kerberos.gssapi.dlglen", FT_UINT16, BASE_DEC,
 	    NULL, 0, "GSSAPI DlgLen", HFILL }},
+	{ &hf_krb_smb_nt_status,
+		{ "NT Status", "kerberos.smb.nt_status", FT_UINT32, BASE_HEX,
+		VALS(NT_errors), 0, "NT Status code", HFILL }},
+	{ &hf_krb_smb_unknown,
+		{ "Unknown", "kerberos.smb.unknown", FT_UINT32, BASE_HEX,
+		NULL, 0, "unknown", HFILL }},
+
    };

    static gint *ett[] = {