From fd584132243a7e352b7aea667056576d18fc5372 Mon Sep 17 00:00:00 2001
From: Ronnie Sahlberg
Date: Fri, 24 Mar 2006 21:41:01 +0000
Subject: [PATCH] start decoding PA_PW_SALT in the PA-DATA structure. for the time being since i have never seen this salt being used elsewhere, assume everything is the MS style salt: guint32 nt_status guint32 unknown guint32 unknown if the MS KDC does nopt allow a client to grab a ticket (due to policy client can only log in at certain hours or such) KDC will repsond with a failuer with edata like above and nt-status == STATUS_LOGON_HOURS svn path=/trunk/; revision=17722
---
 epan/dissectors/packet-kerberos.c | 39 +++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
diff --git a/epan/dissectors/packet-kerberos.c b/epan/dissectors/packet-kerberos.c
index 272f5e4bb8..9b2630bc09 100644
--- a/epan/dissectors/packet-kerberos.c
+++ b/epan/dissectors/packet-kerberos.c
@@ -259,6 +259,8 @@ static gint hf_krb_gssapi_c_flag_replay = -1;
 static gint hf_krb_gssapi_c_flag_sequence = -1;
 static gint hf_krb_gssapi_c_flag_conf = -1;
 static gint hf_krb_gssapi_c_flag_integ = -1;
+static gint hf_krb_smb_nt_status = -1;
+static gint hf_krb_smb_unknown = -1;
 static gint ett_krb_kerberos = -1;
 static gint ett_krb_TransitedEncoding = -1;
@@ -2064,6 +2066,33 @@ dissect_krb5_PA_ENCTYPE_INFO2(packet_info *pinfo, proto_tree *tree, tvbuff_t *tv
 return offset;
 }
+
+static int
+dissect_krb5_PW_SALT(packet_info *pinfo _U_, proto_tree *tree, tvbuff_t *tvb, int offset)
+{
+ /* Microsoft stores a special 12 byte blob here
+ * guint32 NT_status
+ * guint32 unknown
+ * guint32 unknown
+ * decode everything as this blob for now until we see if anyone
+ * else ever uses it or we learn how to tell wether this
+ * is such an MS blob or not.
+ */
+ proto_tree_add_item(tree, hf_krb_smb_nt_status, tvb, offset, 4,
+ TRUE);
+ offset += 4;
+
+ proto_tree_add_item(tree, hf_krb_smb_unknown, tvb, offset, 4,
+ TRUE);
+ offset += 4;
+
+ proto_tree_add_item(tree, hf_krb_smb_unknown, tvb, offset, 4,
+ TRUE);
+ offset += 4;
+
+ return offset;
+}
+
 /*
 * PA-DATA ::= SEQUENCE {
 * padata-type[1] INTEGER,
@@ -2120,6 +2149,9 @@ dissect_krb5_PA_DATA_value(packet_info *pinfo, proto_tree *parent_tree, tvbuff_t
 case KRB5_PA_ENCTYPE_INFO2:
 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PA_ENCTYPE_INFO2);
 break;
+ case KRB5_PA_PW_SALT:
+ offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, dissect_krb5_PW_SALT);
+ break;
 default:
 offset=dissect_ber_octet_string_wcb(FALSE, pinfo, tree, tvb, offset,hf_krb_PA_DATA_value, NULL);
 }
@@ -4604,6 +4636,13 @@ proto_register_kerberos(void)
 { &hf_krb_gssapi_dlglen, { "DlgLen", "kerberos.gssapi.dlglen", FT_UINT16, BASE_DEC, NULL, 0, "GSSAPI DlgLen", HFILL }},
+ { &hf_krb_smb_nt_status,
+ { "NT Status", "kerberos.smb.nt_status", FT_UINT32, BASE_HEX,
+ VALS(NT_errors), 0, "NT Status code", HFILL }},
+ { &hf_krb_smb_unknown,
+ { "Unknown", "kerberos.smb.unknown", FT_UINT32, BASE_HEX,
+ NULL, 0, "unknown", HFILL }},
+
 };
 static gint *ett[] = {
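Review bot: dissect_krb5_PW_SALT reads three 4-byte fields unconditionally, so any PA-PW-SALT value that is not exactly the 12-byte Microsoft blob is misdecoded. A shorter value will make proto_tree_add_item run past the end of the tvb, which normally ends dissection of the message with a bounds exception. A longer value, such as a real salt string from a non-Microsoft KDC, has its first four bytes rendered as an NT status and the remainder ignored. Since the commit message says the MS layout is only assumed, gate the decode on the length before the first proto_tree_add_item, for example `if (tvb_reported_length_remaining(tvb, offset) != 12) return offset;`, so that other salts presumably remain visible only through the enclosing hf_krb_PA_DATA_value item. The comment could also state that the fields are read little-endian (the `TRUE` argument) and correct "wether" to "whether".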
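Review bot: Both unknown dwords are registered under the single field `hf_krb_smb_unknown`, so a display filter on `kerberos.smb.unknown` cannot distinguish the second word from the third, and the tree shows two identically labelled rows. One field per position would let analysts compare values across captures while the meaning is still being worked out. `VALS(NT_errors)` relies on a table declared outside this diff and no include is added here, so confirm packet-kerberos.c already pulls in the header that declares it. proto_register_kerberos starts and ends outside the hunk.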