2008-10-15 06:14:24 +00:00
|
|
|
# kerberos.cnf
|
|
|
|
# kerberos conformation file
|
2014-02-26 19:29:17 +00:00
|
|
|
# Copyright 2008 Anders Broman
|
2008-10-15 06:14:24 +00:00
|
|
|
|
2014-04-18 19:27:30 +00:00
|
|
|
#.EXPORTS
|
|
|
|
ChangePasswdData
|
2016-03-20 21:53:59 +00:00
|
|
|
Applications ONLY_ENUM
|
2014-04-18 19:27:30 +00:00
|
|
|
|
2008-10-15 06:14:24 +00:00
|
|
|
#.FIELD_RENAME
|
2008-10-15 20:08:10 +00:00
|
|
|
KDC-REQ-BODY/etype kDC-REQ-BODY_etype
|
2013-05-16 12:21:43 +00:00
|
|
|
KRB-SAFE-BODY/user-data kRB-SAFE-BODY_user_data
|
|
|
|
EncKrbPrivPart/user-data encKrbPrivPart_user_data
|
|
|
|
EncryptedTicketData/cipher encryptedTicketData_cipher
|
2015-03-20 16:41:45 +00:00
|
|
|
EncryptedAuthenticator/cipher encryptedAuthenticator_cipher
|
2013-05-16 12:21:43 +00:00
|
|
|
EncryptedAuthorizationData/cipher encryptedAuthorizationData_cipher
|
|
|
|
EncryptedKDCREPData/cipher encryptedKDCREPData_cipher
|
|
|
|
PA-ENC-TIMESTAMP/cipher pA-ENC-TIMESTAMP_cipher
|
|
|
|
EncryptedAPREPData/cipher encryptedAPREPData_cipher
|
|
|
|
EncryptedKrbPrivData/cipher encryptedKrbPrivData_cipher
|
|
|
|
EncryptedKrbCredData/cipher encryptedKrbCredData_cipher
|
|
|
|
KRB-CRED/_untag/enc-part kRB_CRED_enc_part
|
|
|
|
KRB-PRIV/_untag/enc-part kRB_PRIV_enc_part
|
|
|
|
AP-REP/_untag/enc-part aP_REP_enc_part
|
|
|
|
KDC-REP/enc-part kDC_REP_enc_part
|
|
|
|
Ticket/_untag/enc-part ticket_enc_part
|
2019-01-10 08:41:31 +00:00
|
|
|
ETYPE-INFO-ENTRY/salt info_salt
|
|
|
|
ETYPE-INFO2-ENTRY/salt info2_salt
|
|
|
|
AP-REQ/_untag/authenticator authenticator_enc_part
|
2013-05-16 12:21:43 +00:00
|
|
|
|
2013-05-16 21:16:45 +00:00
|
|
|
#.OMIT_ASSIGNMENT
|
|
|
|
AD-AND-OR
|
|
|
|
AD-KDCIssued
|
|
|
|
AD-LoginAlias
|
|
|
|
AD-MANDATORY-FOR-KDC
|
|
|
|
ChangePasswdDataMS
|
|
|
|
EtypeList
|
|
|
|
KRB5SignedPath
|
|
|
|
KRB5SignedPathData
|
|
|
|
KRB5SignedPathPrincipals
|
|
|
|
Krb5int32
|
|
|
|
Krb5uint32
|
|
|
|
PA-ClientCanonicalized
|
|
|
|
PA-ClientCanonicalizedNames
|
|
|
|
PA-ENC-SAM-RESPONSE-ENC
|
|
|
|
PA-SAM-CHALLENGE-2
|
|
|
|
PA-SAM-CHALLENGE-2-BODY
|
|
|
|
PA-SAM-REDIRECT
|
|
|
|
PA-SAM-RESPONSE-2
|
|
|
|
PA-SAM-TYPE
|
|
|
|
PA-SERVER-REFERRAL-DATA
|
|
|
|
PA-ServerReferralData
|
|
|
|
PA-SvrReferralData
|
|
|
|
Principal
|
|
|
|
PROV-SRV-LOCATION
|
|
|
|
SAMFlags
|
|
|
|
TYPED-DATA
|
2016-09-24 12:29:07 +00:00
|
|
|
KrbFastReq
|
|
|
|
KrbFastResponse
|
|
|
|
KrbFastFinished
|
|
|
|
FastOptions
|
|
|
|
KerberosFlags
|
2008-10-15 06:14:24 +00:00
|
|
|
|
2014-04-18 19:34:20 +00:00
|
|
|
#.NO_EMIT ONLY_VALS
|
|
|
|
Applications
|
2017-11-15 07:47:31 +00:00
|
|
|
PA-FX-FAST-REPLY
|
|
|
|
PA-FX-FAST-REQUEST
|
2014-04-18 19:34:20 +00:00
|
|
|
|
2014-04-23 14:59:28 +00:00
|
|
|
#.MAKE_DEFINES
|
|
|
|
ADDR-TYPE TYPE_PREFIX
|
2016-03-20 21:53:59 +00:00
|
|
|
Applications TYPE_PREFIX
|
2014-04-23 14:59:28 +00:00
|
|
|
|
2015-02-17 08:39:47 +00:00
|
|
|
#.MAKE_ENUM
|
|
|
|
PADATA-TYPE PROT_PREFIX UPPER_CASE
|
2015-02-18 12:01:14 +00:00
|
|
|
AUTHDATA-TYPE PROT_PREFIX UPPER_CASE
|
2015-02-17 08:39:47 +00:00
|
|
|
|
2008-10-16 21:27:14 +00:00
|
|
|
#.FN_BODY MESSAGE-TYPE VAL_PTR = &msgtype
|
2019-01-10 09:39:05 +00:00
|
|
|
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
|
|
|
|
guint32 msgtype;
|
2008-10-15 20:08:10 +00:00
|
|
|
|
|
|
|
%(DEFAULT_BODY)s
|
2013-05-16 22:23:16 +00:00
|
|
|
|
|
|
|
#.FN_FTR MESSAGE-TYPE
|
2013-05-16 21:16:45 +00:00
|
|
|
if (gbl_do_col_info) {
|
2008-10-15 20:08:10 +00:00
|
|
|
col_add_str(actx->pinfo->cinfo, COL_INFO,
|
|
|
|
val_to_str(msgtype, krb5_msg_types,
|
2013-05-16 22:23:16 +00:00
|
|
|
"Unknown msg type %#x"));
|
2008-10-15 20:08:10 +00:00
|
|
|
}
|
2013-05-16 21:16:45 +00:00
|
|
|
gbl_do_col_info=FALSE;
|
2008-10-15 20:08:10 +00:00
|
|
|
|
2014-04-23 14:59:28 +00:00
|
|
|
##if 0
|
2008-10-15 20:08:10 +00:00
|
|
|
/* append the application type to the tree */
|
2013-05-16 22:23:16 +00:00
|
|
|
proto_item_append_text(tree, " %s", val_to_str(msgtype, krb5_msg_types, "Unknown:0x%x"));
|
2014-04-23 14:59:28 +00:00
|
|
|
##endif
|
2019-01-10 09:39:05 +00:00
|
|
|
if (private_data->msg_type == 0) {
|
|
|
|
private_data->msg_type = msgtype;
|
|
|
|
}
|
2014-02-26 19:29:17 +00:00
|
|
|
|
2015-02-27 13:02:56 +00:00
|
|
|
#.FN_BODY ERROR-CODE VAL_PTR = &private_data->errorcode
|
|
|
|
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
|
2008-10-17 16:09:34 +00:00
|
|
|
%(DEFAULT_BODY)s
|
2013-05-16 22:23:16 +00:00
|
|
|
|
|
|
|
#.FN_FTR ERROR-CODE
|
2015-02-27 13:02:56 +00:00
|
|
|
if (private_data->errorcode) {
|
2008-10-17 16:09:34 +00:00
|
|
|
col_add_fstr(actx->pinfo->cinfo, COL_INFO,
|
2013-05-16 22:23:16 +00:00
|
|
|
"KRB Error: %s",
|
2015-02-27 13:02:56 +00:00
|
|
|
val_to_str(private_data->errorcode, krb5_error_codes,
|
2013-05-16 22:23:16 +00:00
|
|
|
"Unknown error code %#x"));
|
2008-10-17 16:09:34 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return offset;
|
|
|
|
#.END
|
|
|
|
#.FN_BODY KRB-ERROR/_untag/e-data
|
2015-02-27 13:02:56 +00:00
|
|
|
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
|
|
|
|
|
|
|
|
switch (private_data->errorcode) {
|
2008-10-17 16:09:34 +00:00
|
|
|
case KRB5_ET_KRB5KDC_ERR_BADOPTION:
|
|
|
|
case KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED:
|
|
|
|
case KRB5_ET_KRB5KDC_ERR_KEY_EXP:
|
|
|
|
case KRB5_ET_KRB5KDC_ERR_POLICY:
|
|
|
|
/* ms windows kdc sends e-data of this type containing a "salt"
|
|
|
|
* that contains the nt_status code for these error codes.
|
|
|
|
*/
|
2015-02-27 13:02:56 +00:00
|
|
|
private_data->try_nt_status = TRUE;
|
2008-10-17 16:09:34 +00:00
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_kerberos_e_data, dissect_kerberos_PA_DATA);
|
|
|
|
break;
|
|
|
|
case KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED:
|
|
|
|
case KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED:
|
|
|
|
case KRB5_ET_KRB5KDC_ERR_ETYPE_NOSUPP:
|
2015-02-20 17:47:56 +00:00
|
|
|
case KRB5_ET_KDC_ERR_WRONG_REALM:
|
|
|
|
case KRB5_ET_KDC_ERR_PREAUTH_EXPIRED:
|
|
|
|
case KRB5_ET_KDC_ERR_MORE_PREAUTH_DATA_REQUIRED:
|
|
|
|
case KRB5_ET_KDC_ERR_PREAUTH_BAD_AUTHENTICATION_SET:
|
|
|
|
case KRB5_ET_KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS:
|
2008-10-17 16:09:34 +00:00
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_kerberos_e_data, dissect_kerberos_SEQUENCE_OF_PA_DATA);
|
|
|
|
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_kerberos_e_data, NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2014-04-25 13:23:13 +00:00
|
|
|
#.FN_BODY PADATA-TYPE VAL_PTR=&(private_data->padata_type)
|
|
|
|
kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
|
2008-10-15 20:08:10 +00:00
|
|
|
%(DEFAULT_BODY)s
|
2014-04-25 13:23:13 +00:00
|
|
|
#.FN_FTR PADATA-TYPE
|
2008-10-15 20:08:10 +00:00
|
|
|
if(tree){
|
2013-05-16 22:23:16 +00:00
|
|
|
proto_item_append_text(tree, " %s",
|
2015-02-17 08:39:47 +00:00
|
|
|
val_to_str(private_data->padata_type, kerberos_PADATA_TYPE_vals,
|
2013-05-16 22:23:16 +00:00
|
|
|
"Unknown:%d"));
|
2008-10-15 20:08:10 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
#.FN_BODY PA-DATA/padata-value
|
2013-05-16 12:21:43 +00:00
|
|
|
proto_tree *sub_tree=tree;
|
2014-04-25 13:23:13 +00:00
|
|
|
kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
|
2008-10-15 20:08:10 +00:00
|
|
|
|
|
|
|
if(actx->created_item){
|
|
|
|
sub_tree=proto_item_add_subtree(actx->created_item, ett_kerberos_PA_DATA);
|
|
|
|
}
|
|
|
|
|
2014-04-25 13:23:13 +00:00
|
|
|
switch(private_data->padata_type){
|
2015-02-17 08:39:47 +00:00
|
|
|
case KERBEROS_PA_TGS_REQ:
|
2008-10-16 21:27:14 +00:00
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Applications);
|
2016-09-24 12:29:07 +00:00
|
|
|
break;
|
2016-01-04 12:41:20 +00:00
|
|
|
case KERBEROS_PA_PK_AS_REP_19:
|
|
|
|
private_data->is_win2k_pkinit = TRUE;
|
|
|
|
if (kerberos_private_is_kdc_req(private_data)) {
|
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PA_PK_AS_REQ_Win2k);
|
|
|
|
} else {
|
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PA_PK_AS_REP_Win2k);
|
|
|
|
}
|
|
|
|
break;
|
2015-02-17 08:39:47 +00:00
|
|
|
case KERBEROS_PA_PK_AS_REQ:
|
2008-10-16 21:27:14 +00:00
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PaPkAsReq);
|
2016-09-24 12:29:07 +00:00
|
|
|
break;
|
2015-02-17 08:39:47 +00:00
|
|
|
case KERBEROS_PA_PK_AS_REP:
|
2008-10-16 21:27:14 +00:00
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PaPkAsRep);
|
2016-09-24 12:29:07 +00:00
|
|
|
break;
|
2015-02-17 08:39:47 +00:00
|
|
|
case KERBEROS_PA_PAC_REQUEST:
|
2015-02-28 09:31:40 +00:00
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_PAC_REQUEST);
|
2008-10-15 20:08:10 +00:00
|
|
|
break;
|
2015-02-17 08:39:47 +00:00
|
|
|
case KERBEROS_PA_FOR_USER: /* S4U2SELF */
|
2008-10-16 21:27:14 +00:00
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_S4U2Self);
|
2016-09-24 12:29:07 +00:00
|
|
|
break;
|
2015-02-17 08:39:47 +00:00
|
|
|
case KERBEROS_PA_FOR_X509_USER:
|
2018-12-31 17:01:17 +00:00
|
|
|
if(private_data->msg_type == KRB5_MSG_AS_REQ){
|
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_x509af_Certificate);
|
|
|
|
}else if(private_data->is_enc_padata){
|
2018-12-04 01:30:56 +00:00
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, NULL);
|
2018-12-31 17:01:17 +00:00
|
|
|
}else{
|
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_S4U_X509_USER);
|
2018-12-04 01:30:56 +00:00
|
|
|
}
|
2018-12-01 19:35:38 +00:00
|
|
|
break;
|
2015-02-17 08:39:47 +00:00
|
|
|
case KERBEROS_PA_PROV_SRV_LOCATION:
|
2008-10-16 21:27:14 +00:00
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_krb5_PA_PROV_SRV_LOCATION);
|
2016-09-24 12:29:07 +00:00
|
|
|
break;
|
2015-02-17 08:39:47 +00:00
|
|
|
case KERBEROS_PA_ENC_TIMESTAMP:
|
2008-10-16 21:27:14 +00:00
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_ENC_TIMESTAMP);
|
2016-09-24 12:29:07 +00:00
|
|
|
break;
|
2015-02-17 08:39:47 +00:00
|
|
|
case KERBEROS_PA_ETYPE_INFO:
|
2008-10-16 21:27:14 +00:00
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_ETYPE_INFO);
|
2016-09-24 12:29:07 +00:00
|
|
|
break;
|
2015-02-17 08:39:47 +00:00
|
|
|
case KERBEROS_PA_ETYPE_INFO2:
|
2008-10-16 21:27:14 +00:00
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_ETYPE_INFO2);
|
2016-09-24 12:29:07 +00:00
|
|
|
break;
|
2015-02-17 08:39:47 +00:00
|
|
|
case KERBEROS_PA_PW_SALT:
|
2008-10-16 21:27:14 +00:00
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_krb5_PW_SALT);
|
2016-09-24 12:29:07 +00:00
|
|
|
break;
|
2015-02-17 08:39:47 +00:00
|
|
|
case KERBEROS_PA_AUTHENTICATION_SET:
|
2016-09-24 12:29:07 +00:00
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_AUTHENTICATION_SET);
|
|
|
|
break;
|
2015-02-17 08:39:47 +00:00
|
|
|
case KERBEROS_PA_FX_FAST:
|
2018-12-31 17:01:17 +00:00
|
|
|
if(private_data->msg_type == KRB5_MSG_AS_REQ || private_data->msg_type == KRB5_MSG_TGS_REQ){
|
2016-09-24 12:29:07 +00:00
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_FX_FAST_REQUEST);
|
|
|
|
}else{
|
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_FX_FAST_REPLY);
|
|
|
|
}
|
|
|
|
break;
|
2015-02-17 08:39:47 +00:00
|
|
|
case KERBEROS_PA_ENCRYPTED_CHALLENGE:
|
2016-09-24 12:29:07 +00:00
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_EncryptedChallenge);
|
|
|
|
break;
|
2015-02-19 09:19:43 +00:00
|
|
|
case KERBEROS_PA_SUPPORTED_ETYPES:
|
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_SUPPORTED_ENCTYPES);
|
|
|
|
break;
|
2015-02-17 08:39:47 +00:00
|
|
|
case KERBEROS_PA_PAC_OPTIONS:
|
2019-03-22 13:03:58 +00:00
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset, hf_index, dissect_kerberos_PA_PAC_OPTIONS);
|
|
|
|
break;
|
2019-01-10 08:41:31 +00:00
|
|
|
case KERBEROS_PA_REQ_ENC_PA_REP:
|
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Checksum);
|
|
|
|
break;
|
2008-10-15 20:08:10 +00:00
|
|
|
default:
|
2008-10-16 21:27:14 +00:00
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, NULL);
|
2008-10-15 20:08:10 +00:00
|
|
|
}
|
2008-10-17 16:09:34 +00:00
|
|
|
|
|
|
|
#.FN_BODY HostAddress/address
|
2013-05-16 21:16:45 +00:00
|
|
|
gint8 appclass;
|
2008-10-17 16:09:34 +00:00
|
|
|
gboolean pc;
|
|
|
|
gint32 tag;
|
|
|
|
guint32 len;
|
2014-05-15 02:30:07 +00:00
|
|
|
const char *address_str;
|
2008-10-17 16:09:34 +00:00
|
|
|
proto_item *it=NULL;
|
2014-04-25 13:23:13 +00:00
|
|
|
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
|
2008-10-17 16:09:34 +00:00
|
|
|
|
|
|
|
/* read header and len for the octet string */
|
2013-05-16 21:16:45 +00:00
|
|
|
offset=dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &appclass, &pc, &tag);
|
2008-10-17 16:09:34 +00:00
|
|
|
offset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL);
|
|
|
|
|
2014-04-25 13:23:13 +00:00
|
|
|
switch(private_data->addr_type){
|
2014-04-23 14:59:28 +00:00
|
|
|
case KERBEROS_ADDR_TYPE_IPV4:
|
2012-05-09 22:08:00 +00:00
|
|
|
it=proto_tree_add_item(tree, hf_krb_address_ip, tvb, offset, 4, ENC_BIG_ENDIAN);
|
2014-05-15 02:30:07 +00:00
|
|
|
address_str = tvb_ip_to_str(tvb, offset);
|
2008-10-17 16:09:34 +00:00
|
|
|
break;
|
2014-04-23 14:59:28 +00:00
|
|
|
case KERBEROS_ADDR_TYPE_NETBIOS:
|
2008-10-17 16:09:34 +00:00
|
|
|
{
|
|
|
|
char netbios_name[(NETBIOS_NAME_LEN - 1)*4 + 1];
|
|
|
|
int netbios_name_type;
|
|
|
|
int netbios_name_len = (NETBIOS_NAME_LEN - 1)*4 + 1;
|
|
|
|
|
|
|
|
netbios_name_type = process_netbios_name(tvb_get_ptr(tvb, offset, 16), netbios_name, netbios_name_len);
|
2014-05-15 02:30:07 +00:00
|
|
|
address_str = wmem_strdup_printf(wmem_packet_scope(), "%s<%02x>", netbios_name, netbios_name_type);
|
2008-10-17 16:09:34 +00:00
|
|
|
it=proto_tree_add_string_format(tree, hf_krb_address_netbios, tvb, offset, 16, netbios_name, "NetBIOS Name: %s (%s)", address_str, netbios_name_type_descr(netbios_name_type));
|
|
|
|
}
|
|
|
|
break;
|
2014-04-23 14:59:28 +00:00
|
|
|
case KERBEROS_ADDR_TYPE_IPV6:
|
2012-05-09 22:08:00 +00:00
|
|
|
it=proto_tree_add_item(tree, hf_krb_address_ipv6, tvb, offset, INET6_ADDRLEN, ENC_NA);
|
2014-05-15 02:30:07 +00:00
|
|
|
address_str = tvb_ip6_to_str(tvb, offset);
|
2008-10-17 16:09:34 +00:00
|
|
|
break;
|
|
|
|
default:
|
2014-08-08 13:19:29 +00:00
|
|
|
proto_tree_add_expert(tree, actx->pinfo, &ei_kerberos_address, tvb, offset, len);
|
2014-05-15 02:30:07 +00:00
|
|
|
address_str = NULL;
|
2008-10-17 16:09:34 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* push it up two levels in the decode pane */
|
2014-05-15 02:30:07 +00:00
|
|
|
if(it && address_str){
|
2008-10-17 16:09:34 +00:00
|
|
|
proto_item_append_text(proto_item_get_parent(it), " %s",address_str);
|
|
|
|
proto_item_append_text(proto_item_get_parent_nth(it, 2), " %s",address_str);
|
|
|
|
}
|
|
|
|
|
|
|
|
offset+=len;
|
|
|
|
return offset;
|
|
|
|
|
2008-10-15 20:08:10 +00:00
|
|
|
|
|
|
|
#.TYPE_ATTR
|
2008-10-16 21:27:14 +00:00
|
|
|
#xxx TYPE = FT_UINT16 DISPLAY = BASE_DEC STRINGS = VALS(xx_vals)
|
2008-10-15 06:14:24 +00:00
|
|
|
|
2014-04-25 13:23:13 +00:00
|
|
|
#.FN_BODY ENCTYPE VAL_PTR=&(private_data->etype)
|
|
|
|
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
|
|
|
|
%(DEFAULT_BODY)s
|
2013-05-16 12:21:43 +00:00
|
|
|
|
|
|
|
#.FN_BODY EncryptedTicketData/cipher
|
2014-04-25 13:23:13 +00:00
|
|
|
##ifdef HAVE_KERBEROS
|
2013-05-16 12:21:43 +00:00
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_ticket_data);
|
2014-04-25 13:23:13 +00:00
|
|
|
##else
|
2013-05-16 12:21:43 +00:00
|
|
|
%(DEFAULT_BODY)s
|
2014-04-25 13:23:13 +00:00
|
|
|
##endif
|
2013-05-16 12:21:43 +00:00
|
|
|
return offset;
|
|
|
|
|
|
|
|
#.FN_BODY EncryptedAuthorizationData/cipher
|
2015-03-20 16:41:45 +00:00
|
|
|
##ifdef HAVE_KERBEROS
|
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_authorization_data);
|
|
|
|
##else
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
##endif
|
|
|
|
return offset;
|
|
|
|
|
|
|
|
#.FN_BODY EncryptedAuthenticator/cipher
|
2014-04-25 13:23:13 +00:00
|
|
|
##ifdef HAVE_KERBEROS
|
2013-05-16 12:21:43 +00:00
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_authenticator_data);
|
2014-04-25 13:23:13 +00:00
|
|
|
##else
|
2013-05-16 12:21:43 +00:00
|
|
|
%(DEFAULT_BODY)s
|
2014-04-25 13:23:13 +00:00
|
|
|
##endif
|
2013-05-16 12:21:43 +00:00
|
|
|
return offset;
|
|
|
|
|
|
|
|
#.FN_BODY EncryptedKDCREPData/cipher
|
2014-04-25 13:23:13 +00:00
|
|
|
##ifdef HAVE_KERBEROS
|
2013-05-16 12:21:43 +00:00
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KDC_REP_data);
|
2014-04-25 13:23:13 +00:00
|
|
|
##else
|
2013-05-16 12:21:43 +00:00
|
|
|
%(DEFAULT_BODY)s
|
2014-04-25 13:23:13 +00:00
|
|
|
##endif
|
2013-05-16 12:21:43 +00:00
|
|
|
return offset;
|
|
|
|
|
|
|
|
#.FN_BODY PA-ENC-TIMESTAMP/cipher
|
2014-04-25 13:23:13 +00:00
|
|
|
##ifdef HAVE_KERBEROS
|
2013-05-16 12:21:43 +00:00
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PA_ENC_TIMESTAMP);
|
2014-04-25 13:23:13 +00:00
|
|
|
##else
|
2013-05-16 12:21:43 +00:00
|
|
|
%(DEFAULT_BODY)s
|
2014-04-25 13:23:13 +00:00
|
|
|
##endif
|
2013-05-16 12:21:43 +00:00
|
|
|
return offset;
|
|
|
|
|
|
|
|
#.FN_BODY EncryptedAPREPData/cipher
|
2014-04-25 13:23:13 +00:00
|
|
|
##ifdef HAVE_KERBEROS
|
2013-05-16 12:21:43 +00:00
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_AP_REP_data);
|
2014-04-25 13:23:13 +00:00
|
|
|
##else
|
2013-05-16 12:21:43 +00:00
|
|
|
%(DEFAULT_BODY)s
|
2014-04-25 13:23:13 +00:00
|
|
|
##endif
|
2013-05-16 12:21:43 +00:00
|
|
|
return offset;
|
|
|
|
|
|
|
|
#.FN_BODY EncryptedKrbPrivData/cipher
|
2014-04-25 13:23:13 +00:00
|
|
|
##ifdef HAVE_KERBEROS
|
2013-05-16 12:21:43 +00:00
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PRIV_data);
|
2014-04-25 13:23:13 +00:00
|
|
|
##else
|
2013-05-16 12:21:43 +00:00
|
|
|
%(DEFAULT_BODY)s
|
2014-04-25 13:23:13 +00:00
|
|
|
##endif
|
2013-05-16 12:21:43 +00:00
|
|
|
return offset;
|
|
|
|
|
|
|
|
#.FN_BODY EncryptedKrbCredData/cipher
|
2014-04-25 13:23:13 +00:00
|
|
|
##ifdef HAVE_KERBEROS
|
2013-05-16 12:21:43 +00:00
|
|
|
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_CRED_data);
|
2014-04-25 13:23:13 +00:00
|
|
|
##else
|
2013-05-16 12:21:43 +00:00
|
|
|
%(DEFAULT_BODY)s
|
2014-04-25 13:23:13 +00:00
|
|
|
##endif
|
2013-05-16 12:21:43 +00:00
|
|
|
return offset;
|
|
|
|
|
|
|
|
|
2014-04-25 13:23:13 +00:00
|
|
|
#.FN_BODY CKSUMTYPE VAL_PTR=&(private_data->checksum_type)
|
|
|
|
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
|
|
|
|
%(DEFAULT_BODY)s
|
2013-05-16 12:21:43 +00:00
|
|
|
|
|
|
|
#.FN_BODY Checksum/checksum
|
|
|
|
tvbuff_t *next_tvb;
|
2014-04-25 13:23:13 +00:00
|
|
|
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
|
2013-05-16 12:21:43 +00:00
|
|
|
|
2014-04-25 13:23:13 +00:00
|
|
|
switch(private_data->checksum_type){
|
2013-05-16 12:21:43 +00:00
|
|
|
case KRB5_CHKSUM_GSSAPI:
|
|
|
|
offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &next_tvb);
|
|
|
|
dissect_krb5_rfc1964_checksum(actx, tree, next_tvb);
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, NULL);
|
|
|
|
}
|
|
|
|
return offset;
|
|
|
|
|
2014-04-25 13:23:13 +00:00
|
|
|
#.FN_BODY EncryptionKey/keytype VAL_PTR=&gbl_keytype
|
|
|
|
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
|
2013-05-16 12:21:43 +00:00
|
|
|
|
|
|
|
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
|
2013-05-17 19:31:44 +00:00
|
|
|
&gbl_keytype);
|
2014-04-25 13:23:13 +00:00
|
|
|
private_data->key.keytype = gbl_keytype;
|
2013-05-16 12:21:43 +00:00
|
|
|
|
2014-10-08 21:58:18 +00:00
|
|
|
#.FN_BODY EncryptionKey/keyvalue VAL_PTR=&out_tvb
|
|
|
|
tvbuff_t *out_tvb;
|
2014-04-25 13:23:13 +00:00
|
|
|
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
|
2013-05-16 12:21:43 +00:00
|
|
|
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
|
2014-10-08 21:58:18 +00:00
|
|
|
private_data->key.keylength = tvb_reported_length(out_tvb);
|
|
|
|
private_data->key.keyvalue = tvb_get_ptr(out_tvb, 0, private_data->key.keylength);
|
|
|
|
|
2013-05-16 12:21:43 +00:00
|
|
|
#.FN_BODY EncryptionKey
|
2014-04-25 13:23:13 +00:00
|
|
|
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
|
2013-05-16 12:21:43 +00:00
|
|
|
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
|
2018-03-28 11:21:20 +00:00
|
|
|
if (private_data->key.keytype != 0 && private_data->key.keylength > 0) {
|
2014-04-25 13:23:13 +00:00
|
|
|
##ifdef HAVE_KERBEROS
|
|
|
|
add_encryption_key(actx->pinfo, private_data->key.keytype, private_data->key.keylength, private_data->key.keyvalue, "key");
|
|
|
|
##endif
|
2013-05-16 12:21:43 +00:00
|
|
|
}
|
|
|
|
|
2015-02-18 12:01:14 +00:00
|
|
|
#.FN_BODY AUTHDATA-TYPE VAL_PTR=&(private_data->ad_type)
|
2014-04-25 13:23:13 +00:00
|
|
|
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
|
2015-02-18 12:01:14 +00:00
|
|
|
%(DEFAULT_BODY)s
|
2013-05-16 12:21:43 +00:00
|
|
|
|
|
|
|
#.FN_BODY AuthorizationData/_item/ad-data
|
2014-04-25 13:23:13 +00:00
|
|
|
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
|
2013-05-16 12:21:43 +00:00
|
|
|
|
2014-04-25 13:23:13 +00:00
|
|
|
switch(private_data->ad_type){
|
2015-02-18 12:01:14 +00:00
|
|
|
case KERBEROS_AD_WIN2K_PAC:
|
2014-12-14 16:03:08 +00:00
|
|
|
offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_krb5_AD_WIN2K_PAC);
|
|
|
|
break;
|
2015-02-18 12:01:14 +00:00
|
|
|
case KERBEROS_AD_IF_RELEVANT:
|
2013-05-16 12:21:43 +00:00
|
|
|
offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_IF_RELEVANT);
|
|
|
|
break;
|
2017-10-19 11:02:37 +00:00
|
|
|
case KERBEROS_AD_GSS_API_ETYPE_NEGOTIATION:
|
|
|
|
offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_SEQUENCE_OF_ENCTYPE);
|
|
|
|
break;
|
2015-02-19 09:45:42 +00:00
|
|
|
case KERBEROS_AD_TOKEN_RESTRICTIONS:
|
|
|
|
offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_KERB_AD_RESTRICTION_ENTRY);
|
|
|
|
break;
|
2015-02-19 10:02:30 +00:00
|
|
|
case KERBEROS_AD_AP_OPTIONS:
|
|
|
|
offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_AP_OPTIONS);
|
|
|
|
break;
|
2017-10-19 11:23:36 +00:00
|
|
|
case KERBEROS_AD_TARGET_PRINCIPAL:
|
|
|
|
offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_TARGET_PRINCIPAL);
|
|
|
|
break;
|
2013-05-16 12:21:43 +00:00
|
|
|
default:
|
|
|
|
offset=dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
|
|
|
|
}
|
|
|
|
|
2018-12-31 17:01:17 +00:00
|
|
|
#.FN_BODY S4UUserID/subject-certificate
|
|
|
|
offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset,hf_index, dissect_x509af_Certificate);
|
|
|
|
|
2014-04-25 13:23:13 +00:00
|
|
|
#.FN_BODY ADDR-TYPE VAL_PTR=&(private_data->addr_type)
|
|
|
|
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
|
2014-04-23 22:07:18 +00:00
|
|
|
%(DEFAULT_BODY)s
|
2013-05-16 12:21:43 +00:00
|
|
|
|
|
|
|
#.FN_BODY KDC-REQ-BODY
|
|
|
|
conversation_t *conversation;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* UDP replies to KDC_REQs are sent from the server back to the client's
|
|
|
|
* source port, similar to the way TFTP works. Set up a conversation
|
|
|
|
* accordingly.
|
|
|
|
*
|
|
|
|
* Ref: Section 7.2.1 of
|
|
|
|
* http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-clarifications-07.txt
|
|
|
|
*/
|
|
|
|
if (actx->pinfo->destport == UDP_PORT_KERBEROS && actx->pinfo->ptype == PT_UDP) {
|
2017-10-29 14:12:59 +00:00
|
|
|
conversation = find_conversation(actx->pinfo->num, &actx->pinfo->src, &actx->pinfo->dst, ENDPOINT_UDP,
|
2013-05-16 12:21:43 +00:00
|
|
|
actx->pinfo->srcport, 0, NO_PORT_B);
|
|
|
|
if (conversation == NULL) {
|
2017-10-29 14:12:59 +00:00
|
|
|
conversation = conversation_new(actx->pinfo->num, &actx->pinfo->src, &actx->pinfo->dst, ENDPOINT_UDP,
|
2013-05-16 12:21:43 +00:00
|
|
|
actx->pinfo->srcport, 0, NO_PORT2);
|
|
|
|
conversation_set_dissector(conversation, kerberos_handle_udp);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
%(DEFAULT_BODY)s
|
|
|
|
|
|
|
|
#.FN_BODY KRB-SAFE-BODY/user-data
|
2020-03-16 19:39:16 +00:00
|
|
|
kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
|
2013-05-16 12:21:43 +00:00
|
|
|
tvbuff_t *new_tvb;
|
|
|
|
offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb);
|
|
|
|
if (new_tvb) {
|
2020-03-16 19:39:16 +00:00
|
|
|
call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_SAFE_USER_DATA, private_data->callbacks);
|
2013-05-16 12:21:43 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
#.FN_BODY EncKrbPrivPart/user-data
|
2020-03-16 19:39:16 +00:00
|
|
|
kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
|
2013-05-16 12:21:43 +00:00
|
|
|
tvbuff_t *new_tvb;
|
|
|
|
offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb);
|
|
|
|
if (new_tvb) {
|
2020-03-16 19:39:16 +00:00
|
|
|
call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_PRIV_USER_DATA, private_data->callbacks);
|
2013-05-16 12:21:43 +00:00
|
|
|
}
|
2016-09-24 12:29:07 +00:00
|
|
|
|
2018-12-04 01:30:56 +00:00
|
|
|
#.FN_HDR EncKDCRepPart/encrypted-pa-data
|
|
|
|
kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
|
|
|
|
private_data->is_enc_padata = TRUE;
|
|
|
|
|
|
|
|
#.FN_FTR EncKDCRepPart/encrypted-pa-data
|
|
|
|
private_data->is_enc_padata = FALSE;
|
|
|
|
|