Add asn1 file from Heimdal use som stuff from it add more dissection in the template and .cnf file.
svn path=/trunk/; revision=26484
This commit is contained in:
parent
c38033dfca
commit
248049bcbb
|
@ -53,13 +53,15 @@ KerberosString ::= GeneralString (IA5String)
|
|||
Realm ::= KerberosString
|
||||
|
||||
PrincipalName ::= SEQUENCE {
|
||||
name-type [0] Int32,
|
||||
-- name-type [0] Int32, Use the translationj from krb5.asn (Heimdahl)
|
||||
name-type [0] NAME-TYPE,
|
||||
name-string [1] SEQUENCE OF KerberosString
|
||||
}
|
||||
|
||||
KerberosTime ::= GeneralizedTime -- with no fractional seconds
|
||||
|
||||
HostAddress ::= SEQUENCE {
|
||||
-- addr-type [0] ADDR-TYPE, use k5.asn
|
||||
addr-type [0] Int32,
|
||||
address [1] OCTET STRING
|
||||
}
|
||||
|
@ -79,7 +81,8 @@ AuthorizationData ::= SEQUENCE OF SEQUENCE {
|
|||
|
||||
PA-DATA ::= SEQUENCE {
|
||||
-- NOTE: first tag is [1], not [0]
|
||||
padata-type [1] Int32,
|
||||
-- padata-type [1] Int32, use k5.asn
|
||||
padata-type [1] PADATA-TYPE,
|
||||
padata-value [2] OCTET STRING -- might be encoded AP-REQ
|
||||
}
|
||||
|
||||
|
@ -88,7 +91,8 @@ KerberosFlags ::= BIT STRING (SIZE (32..MAX))
|
|||
-- but no fewer than 32
|
||||
|
||||
EncryptedData ::= SEQUENCE {
|
||||
etype [0] Int32 -- EncryptionType --,
|
||||
-- etype [0] Int32 - - EncryptionType - -, Use k5.asn
|
||||
etype [0] ENCTYPE -- EncryptionType --,
|
||||
kvno [1] UInt32 OPTIONAL,
|
||||
cipher [2] OCTET STRING -- ciphertext
|
||||
}
|
||||
|
@ -99,7 +103,8 @@ EncryptionKey ::= SEQUENCE {
|
|||
}
|
||||
|
||||
Checksum ::= SEQUENCE {
|
||||
cksumtype [0] Int32,
|
||||
-- cksumtype [0] Int32, Use k5.asn
|
||||
cksumtype [0] CKSUMTYPE,
|
||||
checksum [1] OCTET STRING
|
||||
}
|
||||
|
||||
|
@ -130,8 +135,8 @@ TransitedEncoding ::= SEQUENCE {
|
|||
tr-type [0] Int32 -- must be registered --,
|
||||
contents [1] OCTET STRING
|
||||
}
|
||||
|
||||
TicketFlags ::= KerberosFlags
|
||||
-- Use the k5.asn def
|
||||
-- TicketFlags ::= KerberosFlags
|
||||
-- reserved(0),
|
||||
-- forwardable(1),
|
||||
-- forwarded(2),
|
||||
|
@ -156,7 +161,8 @@ KDC-REQ ::= SEQUENCE {
|
|||
-- NOTE: first tag is [1], not [0]
|
||||
pvno [1] INTEGER (5) ,
|
||||
-- msg-type [2] INTEGER (10 - - AS - - | 12 - - TGS - -),
|
||||
msg-type [2] INTEGER,
|
||||
-- msg-type [2] INTEGER, use k5.asn
|
||||
msg-type [2] MESSAGE-TYPE,
|
||||
padata [3] SEQUENCE OF PA-DATA OPTIONAL
|
||||
-- NOTE: not empty --,
|
||||
req-body [4] KDC-REQ-BODY
|
||||
|
@ -174,7 +180,8 @@ KDC-REQ-BODY ::= SEQUENCE {
|
|||
till [5] KerberosTime,
|
||||
rtime [6] KerberosTime OPTIONAL,
|
||||
nonce [7] UInt32,
|
||||
etype [8] SEQUENCE OF Int32 -- EncryptionType
|
||||
-- etype [8] SEQUENCE OF Int32 - - EncryptionType Use k5.asn
|
||||
etype [8] SEQUENCE OF ENCTYPE -- EncryptionType
|
||||
-- in preference order --,
|
||||
addresses [9] HostAddresses OPTIONAL,
|
||||
enc-authorization-data [10] EncryptedData OPTIONAL
|
||||
|
@ -183,7 +190,8 @@ KDC-REQ-BODY ::= SEQUENCE {
|
|||
-- NOTE: not empty
|
||||
}
|
||||
|
||||
KDCOptions ::= KerberosFlags
|
||||
-- Use th k5.asn def
|
||||
--KDCOptions ::= KerberosFlags
|
||||
-- reserved(0),
|
||||
-- forwardable(1),
|
||||
-- forwarded(2),
|
||||
|
@ -216,7 +224,8 @@ TGS-REP ::= [APPLICATION 13] KDC-REP
|
|||
KDC-REP ::= SEQUENCE {
|
||||
pvno [0] INTEGER (5),
|
||||
-- msg-type [1] INTEGER (11 - - AS - - | 13 - - TGS - -),
|
||||
msg-type [1] INTEGER,
|
||||
-- msg-type [1] INTEGER, use k5.asn
|
||||
msg-type [1] MESSAGE-TYPE,
|
||||
padata [2] SEQUENCE OF PA-DATA OPTIONAL
|
||||
-- NOTE: not empty --,
|
||||
crealm [3] Realm,
|
||||
|
@ -243,23 +252,26 @@ EncKDCRepPart ::= SEQUENCE {
|
|||
renew-till [8] KerberosTime OPTIONAL,
|
||||
srealm [9] Realm,
|
||||
sname [10] PrincipalName,
|
||||
caddr [11] HostAddresses OPTIONAL
|
||||
caddr [11] HostAddresses OPTIONAL,
|
||||
encrypted-pa-data[12] METHOD-DATA OPTIONAL -- from k5.asn
|
||||
}
|
||||
|
||||
LastReq ::= SEQUENCE OF SEQUENCE {
|
||||
lr-type [0] Int32,
|
||||
-- lr-type [0] Int32, Use k5.asn
|
||||
lr-type [0] LR-TYPE,
|
||||
lr-value [1] KerberosTime
|
||||
}
|
||||
|
||||
AP-REQ ::= [APPLICATION 14] SEQUENCE {
|
||||
pvno [0] INTEGER (5),
|
||||
msg-type [1] INTEGER (14),
|
||||
-- msg-type [1] INTEGER (14), use k5.asn
|
||||
msg-type [1] MESSAGE-TYPE,
|
||||
ap-options [2] APOptions,
|
||||
ticket [3] Ticket,
|
||||
authenticator [4] EncryptedData -- Authenticator
|
||||
}
|
||||
|
||||
APOptions ::= KerberosFlags
|
||||
-- Use the krb5.asn def.
|
||||
--APOptions ::= KerberosFlags
|
||||
-- reserved(0),
|
||||
-- use-session-key(1),
|
||||
-- mutual-required(2)
|
||||
|
@ -279,7 +291,8 @@ Authenticator ::= [APPLICATION 2] SEQUENCE {
|
|||
|
||||
AP-REP ::= [APPLICATION 15] SEQUENCE {
|
||||
pvno [0] INTEGER (5),
|
||||
msg-type [1] INTEGER (15),
|
||||
-- msg-type [1] INTEGER (15), Use k5.asn
|
||||
msg-type [1] MESSAGE-TYPE,
|
||||
enc-part [2] EncryptedData -- EncAPRepPart
|
||||
}
|
||||
|
||||
|
@ -292,7 +305,8 @@ EncAPRepPart ::= [APPLICATION 27] SEQUENCE {
|
|||
|
||||
KRB-SAFE ::= [APPLICATION 20] SEQUENCE {
|
||||
pvno [0] INTEGER (5),
|
||||
msg-type [1] INTEGER (20),
|
||||
-- msg-type [1] INTEGER (20), use k5.asn
|
||||
msg-type [1] MESSAGE-TYPE,
|
||||
safe-body [2] KRB-SAFE-BODY,
|
||||
cksum [3] Checksum
|
||||
}
|
||||
|
@ -308,7 +322,8 @@ KRB-SAFE-BODY ::= SEQUENCE {
|
|||
|
||||
KRB-PRIV ::= [APPLICATION 21] SEQUENCE {
|
||||
pvno [0] INTEGER (5),
|
||||
msg-type [1] INTEGER (21),
|
||||
-- msg-type [1] INTEGER (21), Use k5.asn
|
||||
msg-type [1] MESSAGE-TYPE,
|
||||
-- NOTE: there is no [2] tag
|
||||
enc-part [3] EncryptedData -- EncKrbPrivPart
|
||||
}
|
||||
|
@ -324,7 +339,8 @@ EncKrbPrivPart ::= [APPLICATION 28] SEQUENCE {
|
|||
|
||||
KRB-CRED ::= [APPLICATION 22] SEQUENCE {
|
||||
pvno [0] INTEGER (5),
|
||||
msg-type [1] INTEGER (22),
|
||||
-- msg-type [1] INTEGER (22), use k5.asn
|
||||
msg-type [1] MESSAGE-TYPE,
|
||||
tickets [2] SEQUENCE OF Ticket,
|
||||
enc-part [3] EncryptedData -- EncKrbCredPart
|
||||
}
|
||||
|
@ -354,7 +370,8 @@ KrbCredInfo ::= SEQUENCE {
|
|||
|
||||
KRB-ERROR ::= [APPLICATION 30] SEQUENCE {
|
||||
pvno [0] INTEGER (5),
|
||||
msg-type [1] INTEGER (30),
|
||||
-- msg-type [1] INTEGER (30), use k5.asn
|
||||
msg-type [1] MESSAGE-TYPE,
|
||||
ctime [2] KerberosTime OPTIONAL,
|
||||
cusec [3] Microseconds OPTIONAL,
|
||||
stime [4] KerberosTime,
|
||||
|
@ -385,14 +402,16 @@ PA-ENC-TS-ENC ::= SEQUENCE {
|
|||
}
|
||||
|
||||
ETYPE-INFO-ENTRY ::= SEQUENCE {
|
||||
etype [0] Int32,
|
||||
-- etype [0] Int32, use k5.asn
|
||||
etype [0] ENCTYPE,
|
||||
salt [1] OCTET STRING OPTIONAL
|
||||
}
|
||||
|
||||
ETYPE-INFO ::= SEQUENCE OF ETYPE-INFO-ENTRY
|
||||
|
||||
ETYPE-INFO2-ENTRY ::= SEQUENCE {
|
||||
etype [0] Int32,
|
||||
-- etype [0] Int32, use k5.asn
|
||||
etype [0] ENCTYPE,
|
||||
salt [1] KerberosString OPTIONAL,
|
||||
s2kparams [2] OCTET STRING OPTIONAL
|
||||
}
|
||||
|
|
|
@ -32,7 +32,8 @@ EXPORT_FILES = \
|
|||
|
||||
EXT_ASN_FILE_LIST =
|
||||
|
||||
ASN_FILE_LIST = KerberosV5Spec2.asn
|
||||
ASN_FILE_LIST = KerberosV5Spec2.asn \
|
||||
k5.asn
|
||||
|
||||
# The packet-$(PROTOCOL_NAME)-template.h and $(PROTOCOL_NAME).asn
|
||||
# files do not exist # for all protocols: Please add/remove as required.
|
||||
|
|
|
@ -0,0 +1,694 @@
|
|||
-- Extracted from http://www.h5l.org/dist/src/heimdal-1.2.tar.gz
|
||||
-- Id: k5.asn1 22745 2008-03-24 12:07:54Z lha $
|
||||
-- Commented out stuff already in KerberosV5Spec2.asn
|
||||
-- $Id$
|
||||
KERBEROS5 DEFINITIONS ::=
|
||||
BEGIN
|
||||
|
||||
NAME-TYPE ::= INTEGER {
|
||||
kRB5-NT-UNKNOWN(0), -- Name type not known
|
||||
kRB5-NT-PRINCIPAL(1), -- Just the name of the principal as in
|
||||
kRB5-NT-SRV-INST(2), -- Service and other unique instance (krbtgt)
|
||||
kRB5-NT-SRV-HST(3), -- Service with host name as instance
|
||||
kRB5-NT-SRV-XHST(4), -- Service with host as remaining components
|
||||
kRB5-NT-UID(5), -- Unique ID
|
||||
kRB5-NT-X500-PRINCIPAL(6), -- PKINIT
|
||||
kRB5-NT-SMTP-NAME(7), -- Name in form of SMTP email name
|
||||
kRB5-NT-ENTERPRISE-PRINCIPAL(10), -- Windows 2000 UPN
|
||||
kRB5-NT-ENT-PRINCIPAL-AND-ID(-130), -- Windows 2000 UPN and SID
|
||||
kRB5-NT-MS-PRINCIPAL(-128), -- NT 4 style name
|
||||
kRB5-NT-MS-PRINCIPAL-AND-ID(-129) -- NT style name and SID
|
||||
}
|
||||
|
||||
-- message types
|
||||
|
||||
MESSAGE-TYPE ::= INTEGER {
|
||||
krb-as-req(10), -- Request for initial authentication
|
||||
krb-as-rep(11), -- Response to KRB_AS_REQ request
|
||||
krb-tgs-req(12), -- Request for authentication based on TGT
|
||||
krb-tgs-rep(13), -- Response to KRB_TGS_REQ request
|
||||
krb-ap-req(14), -- application request to server
|
||||
krb-ap-rep(15), -- Response to KRB_AP_REQ_MUTUAL
|
||||
krb-safe(20), -- Safe (checksummed) application message
|
||||
krb-priv(21), -- Private (encrypted) application message
|
||||
krb-cred(22), -- Private (encrypted) message to forward credentials
|
||||
krb-error(30) -- Error response
|
||||
}
|
||||
|
||||
|
||||
-- pa-data types
|
||||
|
||||
PADATA-TYPE ::= INTEGER {
|
||||
kRB5-PADATA-NONE(0),
|
||||
kRB5-PADATA-TGS-REQ(1),
|
||||
kRB5-PADATA-AP-REQ(1),
|
||||
kRB5-PADATA-ENC-TIMESTAMP(2),
|
||||
kRB5-PADATA-PW-SALT(3),
|
||||
kRB5-PADATA-ENC-UNIX-TIME(5),
|
||||
kRB5-PADATA-SANDIA-SECUREID(6),
|
||||
kRB5-PADATA-SESAME(7),
|
||||
kRB5-PADATA-OSF-DCE(8),
|
||||
kRB5-PADATA-CYBERSAFE-SECUREID(9),
|
||||
kRB5-PADATA-AFS3-SALT(10),
|
||||
kRB5-PADATA-ETYPE-INFO(11),
|
||||
kRB5-PADATA-SAM-CHALLENGE(12), -- (sam/otp)
|
||||
kRB5-PADATA-SAM-RESPONSE(13), -- (sam/otp)
|
||||
kRB5-PADATA-PK-AS-REQ-19(14), -- (PKINIT-19)
|
||||
kRB5-PADATA-PK-AS-REP-19(15), -- (PKINIT-19)
|
||||
kRB5-PADATA-PK-AS-REQ-WIN(15), -- (PKINIT - old number)
|
||||
kRB5-PADATA-PK-AS-REQ(16), -- (PKINIT-25)
|
||||
kRB5-PADATA-PK-AS-REP(17), -- (PKINIT-25)
|
||||
kRB5-PADATA-PA-PK-OCSP-RESPONSE(18),
|
||||
kRB5-PADATA-ETYPE-INFO2(19),
|
||||
kRB5-PADATA-USE-SPECIFIED-KVNO(20),
|
||||
kRB5-PADATA-SVR-REFERRAL-INFO(20), --- old ms referral number
|
||||
kRB5-PADATA-SAM-REDIRECT(21), -- (sam/otp)
|
||||
kRB5-PADATA-GET-FROM-TYPED-DATA(22),
|
||||
kRB5-PADATA-SAM-ETYPE-INFO(23),
|
||||
kRB5-PADATA-SERVER-REFERRAL(25),
|
||||
kRB5-PADATA-TD-KRB-PRINCIPAL(102), -- PrincipalName
|
||||
kRB5-PADATA-PK-TD-TRUSTED-CERTIFIERS(104), -- PKINIT
|
||||
kRB5-PADATA-PK-TD-CERTIFICATE-INDEX(105), -- PKINIT
|
||||
kRB5-PADATA-TD-APP-DEFINED-ERROR(106), -- application specific
|
||||
kRB5-PADATA-TD-REQ-NONCE(107), -- INTEGER
|
||||
kRB5-PADATA-TD-REQ-SEQ(108), -- INTEGER
|
||||
kRB5-PADATA-PA-PAC-REQUEST(128), -- jbrezak@exchange.microsoft.com
|
||||
kRB5-PADATA-S4U2SELF(129),
|
||||
kRB5-PADATA-PK-AS-09-BINDING(132), -- client send this to
|
||||
-- tell KDC that is supports
|
||||
-- the asCheckSum in the
|
||||
-- PK-AS-REP
|
||||
kRB5-PADATA-CLIENT-CANONICALIZED(133) --
|
||||
}
|
||||
|
||||
AUTHDATA-TYPE ::= INTEGER {
|
||||
kRB5-AUTHDATA-IF-RELEVANT(1),
|
||||
kRB5-AUTHDATA-INTENDED-FOR-SERVER(2),
|
||||
kRB5-AUTHDATA-INTENDED-FOR-APPLICATION-CLASS(3),
|
||||
kRB5-AUTHDATA-KDC-ISSUED(4),
|
||||
kRB5-AUTHDATA-AND-OR(5),
|
||||
kRB5-AUTHDATA-MANDATORY-TICKET-EXTENSIONS(6),
|
||||
kRB5-AUTHDATA-IN-TICKET-EXTENSIONS(7),
|
||||
kRB5-AUTHDATA-MANDATORY-FOR-KDC(8),
|
||||
kRB5-AUTHDATA-INITIAL-VERIFIED-CAS(9),
|
||||
kRB5-AUTHDATA-OSF-DCE(64),
|
||||
kRB5-AUTHDATA-SESAME(65),
|
||||
kRB5-AUTHDATA-OSF-DCE-PKI-CERTID(66),
|
||||
kRB5-AUTHDATA-WIN2K-PAC(128),
|
||||
kRB5-AUTHDATA-GSS-API-ETYPE-NEGOTIATION(129), -- Authenticator only
|
||||
kRB5-AUTHDATA-SIGNTICKET(-17)
|
||||
}
|
||||
|
||||
-- checksumtypes
|
||||
|
||||
CKSUMTYPE ::= INTEGER {
|
||||
cKSUMTYPE-NONE(0),
|
||||
cKSUMTYPE-CRC32(1),
|
||||
cKSUMTYPE-RSA-MD4(2),
|
||||
cKSUMTYPE-RSA-MD4-DES(3),
|
||||
cKSUMTYPE-DES-MAC(4),
|
||||
cKSUMTYPE-DES-MAC-K(5),
|
||||
cKSUMTYPE-RSA-MD4-DES-K(6),
|
||||
cKSUMTYPE-RSA-MD5(7),
|
||||
cKSUMTYPE-RSA-MD5-DES(8),
|
||||
cKSUMTYPE-RSA-MD5-DES3(9),
|
||||
cKSUMTYPE-SHA1-OTHER(10),
|
||||
cKSUMTYPE-HMAC-SHA1-DES3(12),
|
||||
cKSUMTYPE-SHA1(14),
|
||||
cKSUMTYPE-HMAC-SHA1-96-AES-128(15),
|
||||
cKSUMTYPE-HMAC-SHA1-96-AES-256(16),
|
||||
cKSUMTYPE-GSSAPI(--0x8003--32771),
|
||||
cKSUMTYPE-HMAC-MD5(-138), -- unofficial microsoft number
|
||||
cKSUMTYPE-HMAC-MD5-ENC(-1138) -- even more unofficial
|
||||
}
|
||||
|
||||
--enctypes
|
||||
ENCTYPE ::= INTEGER {
|
||||
eTYPE-NULL(0),
|
||||
eTYPE-DES-CBC-CRC(1),
|
||||
eTYPE-DES-CBC-MD4(2),
|
||||
eTYPE-DES-CBC-MD5(3),
|
||||
eTYPE-DES3-CBC-MD5(5),
|
||||
eTYPE-OLD-DES3-CBC-SHA1(7),
|
||||
eTYPE-SIGN-DSA-GENERATE(8),
|
||||
eTYPE-ENCRYPT-RSA-PRIV(9),
|
||||
eTYPE-ENCRYPT-RSA-PUB(10),
|
||||
eTYPE-DES3-CBC-SHA1(16), -- with key derivation
|
||||
eTYPE-AES128-CTS-HMAC-SHA1-96(17),
|
||||
eTYPE-AES256-CTS-HMAC-SHA1-96(18),
|
||||
eTYPE-ARCFOUR-HMAC-MD5(23),
|
||||
eTYPE-ARCFOUR-HMAC-MD5-56(24),
|
||||
eTYPE-ENCTYPE-PK-CROSS(48),
|
||||
-- some "old" windows types
|
||||
eTYPE-ARCFOUR-MD4(-128),
|
||||
eTYPE-ARCFOUR-HMAC-OLD(-133),
|
||||
eTYPE-ARCFOUR-HMAC-OLD-EXP(-135),
|
||||
-- these are for Heimdal internal use
|
||||
-- eTYPE-DES-CBC-NONE(-0x1000),
|
||||
eTYPE-DES-CBC-NONE( -4096),
|
||||
-- eTYPE-DES3-CBC-NONE(-0x1001),
|
||||
eTYPE-DES3-CBC-NONE(-4097),
|
||||
-- eTYPE-DES-CFB64-NONE(-0x1002),
|
||||
eTYPE-DES-CFB64-NONE(-4098),
|
||||
-- eTYPE-DES-PCBC-NONE(-0x1003),
|
||||
eTYPE-DES-PCBC-NONE(-4099),
|
||||
-- eTYPE-DIGEST-MD5-NONE(-0x1004), - - private use, lukeh@padl.com
|
||||
eTYPE-DIGEST-MD5-NONE(-4100), -- private use, lukeh@padl.com
|
||||
-- eTYPE-CRAM-MD5-NONE(-0x1005) - - private use, lukeh@padl.com
|
||||
eTYPE-CRAM-MD5-NONE(-4101) -- private use, lukeh@padl.com
|
||||
}
|
||||
|
||||
-- addr-types (WS extension )
|
||||
ADDR-TYPE ::= INTEGER {
|
||||
kRB5-ADDR-IPv4(2),
|
||||
kRB5-ADDR-CHAOS(5),
|
||||
kRB5-ADDR-XEROX(6),
|
||||
kRB5-ADDR-ISO(7),
|
||||
kRB5-ADDR-DECNET(12),
|
||||
kRB5-ADDR-APPLETALK(16),
|
||||
kRB5-ADDR-NETBIOS(20),
|
||||
kRB5-ADDR-IPv6(24)
|
||||
}
|
||||
|
||||
|
||||
|
||||
-- this is sugar to make something ASN1 does not have: unsigned
|
||||
|
||||
Krb5uint32 ::= INTEGER (0..4294967295)
|
||||
Krb5int32 ::= INTEGER (-2147483648..2147483647)
|
||||
|
||||
--KerberosString ::= GeneralString
|
||||
|
||||
--Realm ::= GeneralString
|
||||
--PrincipalName ::= SEQUENCE {
|
||||
-- name-type[0] NAME-TYPE,
|
||||
-- name-string[1] SEQUENCE OF GeneralString
|
||||
--}
|
||||
|
||||
-- this is not part of RFC1510
|
||||
Principal ::= SEQUENCE {
|
||||
name[0] PrincipalName,
|
||||
realm[1] Realm
|
||||
}
|
||||
|
||||
--HostAddress ::= SEQUENCE {
|
||||
-- addr-type [0] Krb5int32,
|
||||
-- address [1] OCTET STRING
|
||||
--}
|
||||
|
||||
-- This is from RFC1510.
|
||||
--
|
||||
-- HostAddresses ::= SEQUENCE OF SEQUENCE {
|
||||
-- addr-type[0] Krb5int32,
|
||||
-- address[1] OCTET STRING
|
||||
-- }
|
||||
|
||||
-- This seems much better.
|
||||
--HostAddresses ::= SEQUENCE OF HostAddress
|
||||
|
||||
|
||||
--KerberosTime ::= GeneralizedTime - - Specifying UTC time zone (Z)
|
||||
|
||||
--AuthorizationDataElement ::= SEQUENCE {
|
||||
-- ad-type[0] Krb5int32,
|
||||
-- ad-data[1] OCTET STRING
|
||||
--}
|
||||
|
||||
--AuthorizationData ::= SEQUENCE OF AuthorizationDataElement
|
||||
|
||||
APOptions ::= BIT STRING {
|
||||
reserved(0),
|
||||
use-session-key(1),
|
||||
mutual-required(2)
|
||||
}
|
||||
|
||||
TicketFlags ::= BIT STRING {
|
||||
reserved(0),
|
||||
forwardable(1),
|
||||
forwarded(2),
|
||||
proxiable(3),
|
||||
proxy(4),
|
||||
may-postdate(5),
|
||||
postdated(6),
|
||||
invalid(7),
|
||||
renewable(8),
|
||||
initial(9),
|
||||
pre-authent(10),
|
||||
hw-authent(11),
|
||||
transited-policy-checked(12),
|
||||
ok-as-delegate(13),
|
||||
anonymous(14)
|
||||
}
|
||||
|
||||
KDCOptions ::= BIT STRING {
|
||||
reserved(0),
|
||||
forwardable(1),
|
||||
forwarded(2),
|
||||
proxiable(3),
|
||||
proxy(4),
|
||||
allow-postdate(5),
|
||||
postdated(6),
|
||||
unused7(7),
|
||||
renewable(8),
|
||||
unused9(9),
|
||||
unused10(10),
|
||||
unused11(11),
|
||||
request-anonymous(14),
|
||||
canonicalize(15),
|
||||
constrained-delegation(16), -- ms extension
|
||||
disable-transited-check(26),
|
||||
renewable-ok(27),
|
||||
enc-tkt-in-skey(28),
|
||||
renew(30),
|
||||
validate(31)
|
||||
}
|
||||
|
||||
LR-TYPE ::= INTEGER {
|
||||
lR-NONE(0), -- no information
|
||||
lR-INITIAL-TGT(1), -- last initial TGT request
|
||||
lR-INITIAL(2), -- last initial request
|
||||
lR-ISSUE-USE-TGT(3), -- time of newest TGT used
|
||||
lR-RENEWAL(4), -- time of last renewal
|
||||
lR-REQUEST(5), -- time of last request (of any type)
|
||||
lR-PW-EXPTIME(6), -- expiration time of password
|
||||
lR-ACCT-EXPTIME(7) -- expiration time of account
|
||||
}
|
||||
|
||||
--LastReq ::= SEQUENCE OF SEQUENCE {
|
||||
-- lr-type[0] LR-TYPE,
|
||||
-- lr-value[1] KerberosTime
|
||||
--}
|
||||
|
||||
|
||||
--EncryptedData ::= SEQUENCE {
|
||||
-- etype[0] ENCTYPE, - - EncryptionType
|
||||
-- kvno[1] Krb5int32 OPTIONAL,
|
||||
-- cipher[2] OCTET STRING - - ciphertext
|
||||
--}
|
||||
|
||||
--EncryptionKey ::= SEQUENCE {
|
||||
-- keytype[0] Krb5int32,
|
||||
-- keyvalue[1] OCTET STRING
|
||||
--}
|
||||
|
||||
-- encoded Transited field
|
||||
--TransitedEncoding ::= SEQUENCE {
|
||||
-- tr-type[0] Krb5int32, - - must be registered
|
||||
-- contents[1] OCTET STRING
|
||||
--}
|
||||
|
||||
--Ticket ::= [APPLICATION 1] SEQUENCE {
|
||||
-- tkt-vno[0] Krb5int32,
|
||||
-- realm[1] Realm,
|
||||
-- sname[2] PrincipalName,
|
||||
-- enc-part[3] EncryptedData
|
||||
--}
|
||||
-- Encrypted part of ticket
|
||||
--EncTicketPart ::= [APPLICATION 3] SEQUENCE {
|
||||
-- flags[0] TicketFlags,
|
||||
-- key[1] EncryptionKey,
|
||||
-- crealm[2] Realm,
|
||||
-- cname[3] PrincipalName,
|
||||
-- transited[4] TransitedEncoding,
|
||||
-- authtime[5] KerberosTime,
|
||||
-- starttime[6] KerberosTime OPTIONAL,
|
||||
-- endtime[7] KerberosTime,
|
||||
-- renew-till[8] KerberosTime OPTIONAL,
|
||||
-- caddr[9] HostAddresses OPTIONAL,
|
||||
-- authorization-data[10] AuthorizationData OPTIONAL
|
||||
--}
|
||||
|
||||
--Checksum ::= SEQUENCE {
|
||||
-- cksumtype[0] CKSUMTYPE,
|
||||
-- checksum[1] OCTET STRING
|
||||
--}
|
||||
|
||||
--Authenticator ::= [APPLICATION 2] SEQUENCE {
|
||||
-- authenticator-vno[0] Krb5int32,
|
||||
-- crealm[1] Realm,
|
||||
-- cname[2] PrincipalName,
|
||||
-- cksum[3] Checksum OPTIONAL,
|
||||
-- cusec[4] Krb5int32,
|
||||
-- ctime[5] KerberosTime,
|
||||
-- subkey[6] EncryptionKey OPTIONAL,
|
||||
-- seq-number[7] Krb5uint32 OPTIONAL,
|
||||
-- authorization-data[8] AuthorizationData OPTIONAL
|
||||
--}
|
||||
|
||||
--PA-DATA ::= SEQUENCE {
|
||||
-- might be encoded AP-REQ
|
||||
-- padata-type[1] PADATA-TYPE,
|
||||
-- padata-value[2] OCTET STRING
|
||||
--}
|
||||
|
||||
--ETYPE-INFO-ENTRY ::= SEQUENCE {
|
||||
-- etype[0] ENCTYPE,
|
||||
-- salt[1] OCTET STRING OPTIONAL,
|
||||
-- salttype[2] Krb5int32 OPTIONAL
|
||||
--}
|
||||
|
||||
--ETYPE-INFO ::= SEQUENCE OF ETYPE-INFO-ENTRY
|
||||
|
||||
--ETYPE-INFO2-ENTRY ::= SEQUENCE {
|
||||
-- etype[0] ENCTYPE,
|
||||
-- salt[1] KerberosString OPTIONAL,
|
||||
-- s2kparams[2] OCTET STRING OPTIONAL
|
||||
--}
|
||||
|
||||
--ETYPE-INFO2 ::= SEQUENCE SIZE (1..MAX) OF ETYPE-INFO2-ENTRY
|
||||
|
||||
-- METHOD-DATA ::= SEQUENCE OF PA-DATA
|
||||
|
||||
--TypedData ::= SEQUENCE {
|
||||
-- data-type[0] Krb5int32,
|
||||
-- data-value[1] OCTET STRING OPTIONAL
|
||||
--}
|
||||
|
||||
--TYPED-DATA ::= SEQUENCE SIZE (1..MAX) OF TypedData
|
||||
|
||||
--KDC-REQ-BODY ::= SEQUENCE {
|
||||
-- kdc-options[0] KDCOptions,
|
||||
-- cname[1] PrincipalName OPTIONAL, - - Used only in AS-REQ
|
||||
-- realm[2] Realm, - - Server's realm
|
||||
-- Also client's in AS-REQ
|
||||
-- sname[3] PrincipalName OPTIONAL,
|
||||
-- from[4] KerberosTime OPTIONAL,
|
||||
-- till[5] KerberosTime OPTIONAL,
|
||||
-- rtime[6] KerberosTime OPTIONAL,
|
||||
-- nonce[7] Krb5int32,
|
||||
-- etype[8] SEQUENCE OF ENCTYPE, - - EncryptionType,
|
||||
-- in preference order
|
||||
-- addresses[9] HostAddresses OPTIONAL,
|
||||
-- enc-authorization-data[10] EncryptedData OPTIONAL,
|
||||
-- Encrypted AuthorizationData encoding
|
||||
-- additional-tickets[11] SEQUENCE OF Ticket OPTIONAL
|
||||
--}
|
||||
|
||||
--KDC-REQ ::= SEQUENCE {
|
||||
-- pvno[1] Krb5int32,
|
||||
-- msg-type[2] MESSAGE-TYPE,
|
||||
-- padata[3] METHOD-DATA OPTIONAL,
|
||||
-- req-body[4] KDC-REQ-BODY
|
||||
--}
|
||||
|
||||
--AS-REQ ::= [APPLICATION 10] KDC-REQ
|
||||
--TGS-REQ ::= [APPLICATION 12] KDC-REQ
|
||||
|
||||
-- padata-type ::= PA-ENC-TIMESTAMP
|
||||
-- padata-value ::= EncryptedData - PA-ENC-TS-ENC
|
||||
|
||||
--PA-ENC-TS-ENC ::= SEQUENCE {
|
||||
-- patimestamp[0] KerberosTime, - - client's time
|
||||
-- pausec[1] Krb5int32 OPTIONAL
|
||||
--}
|
||||
|
||||
-- draft-brezak-win2k-krb-authz-01
|
||||
PA-PAC-REQUEST ::= SEQUENCE {
|
||||
include-pac[0] BOOLEAN -- Indicates whether a PAC
|
||||
-- should be included or not
|
||||
}
|
||||
|
||||
-- PacketCable provisioning server location, PKT-SP-SEC-I09-030728.pdf
|
||||
PROV-SRV-LOCATION ::= GeneralString
|
||||
|
||||
--KDC-REP ::= SEQUENCE {
|
||||
-- pvno[0] Krb5int32,
|
||||
-- msg-type[1] MESSAGE-TYPE,
|
||||
-- padata[2] METHOD-DATA OPTIONAL,
|
||||
-- crealm[3] Realm,
|
||||
-- cname[4] PrincipalName,
|
||||
-- ticket[5] Ticket,
|
||||
-- enc-part[6] EncryptedData
|
||||
--}
|
||||
|
||||
--AS-REP ::= [APPLICATION 11] KDC-REP
|
||||
--TGS-REP ::= [APPLICATION 13] KDC-REP
|
||||
|
||||
--EncKDCRepPart ::= SEQUENCE {
|
||||
-- key[0] EncryptionKey,
|
||||
-- last-req[1] LastReq,
|
||||
-- nonce[2] Krb5int32,
|
||||
-- key-expiration[3] KerberosTime OPTIONAL,
|
||||
-- flags[4] TicketFlags,
|
||||
-- authtime[5] KerberosTime,
|
||||
-- starttime[6] KerberosTime OPTIONAL,
|
||||
-- endtime[7] KerberosTime,
|
||||
-- renew-till[8] KerberosTime OPTIONAL,
|
||||
-- srealm[9] Realm,
|
||||
-- sname[10] PrincipalName,
|
||||
-- caddr[11] HostAddresses OPTIONAL,
|
||||
-- encrypted-pa-data[12] METHOD-DATA OPTIONAL
|
||||
--}
|
||||
|
||||
--EncASRepPart ::= [APPLICATION 25] EncKDCRepPart
|
||||
--EncTGSRepPart ::= [APPLICATION 26] EncKDCRepPart
|
||||
|
||||
--AP-REQ ::= [APPLICATION 14] SEQUENCE {
|
||||
-- pvno[0] Krb5int32,
|
||||
-- msg-type[1] MESSAGE-TYPE,
|
||||
-- ap-options[2] APOptions,
|
||||
-- ticket[3] Ticket,
|
||||
-- authenticator[4] EncryptedData
|
||||
--}
|
||||
|
||||
--AP-REP ::= [APPLICATION 15] SEQUENCE {
|
||||
-- pvno[0] Krb5int32,
|
||||
-- msg-type[1] MESSAGE-TYPE,
|
||||
-- enc-part[2] EncryptedData
|
||||
--}
|
||||
|
||||
--EncAPRepPart ::= [APPLICATION 27] SEQUENCE {
|
||||
-- ctime[0] KerberosTime,
|
||||
-- cusec[1] Krb5int32,
|
||||
-- subkey[2] EncryptionKey OPTIONAL,
|
||||
-- seq-number[3] Krb5uint32 OPTIONAL
|
||||
--}
|
||||
|
||||
--KRB-SAFE-BODY ::= SEQUENCE {
|
||||
-- user-data[0] OCTET STRING,
|
||||
-- timestamp[1] KerberosTime OPTIONAL,
|
||||
-- usec[2] Krb5int32 OPTIONAL,
|
||||
-- seq-number[3] Krb5uint32 OPTIONAL,
|
||||
-- s-address[4] HostAddress OPTIONAL,
|
||||
-- r-address[5] HostAddress OPTIONAL
|
||||
--}
|
||||
|
||||
--KRB-SAFE ::= [APPLICATION 20] SEQUENCE {
|
||||
-- pvno[0] Krb5int32,
|
||||
-- msg-type[1] MESSAGE-TYPE,
|
||||
-- safe-body[2] KRB-SAFE-BODY,
|
||||
-- cksum[3] Checksum
|
||||
--}
|
||||
|
||||
--KRB-PRIV ::= [APPLICATION 21] SEQUENCE {
|
||||
-- pvno[0] Krb5int32,
|
||||
-- msg-type[1] MESSAGE-TYPE,
|
||||
-- enc-part[3] EncryptedData
|
||||
--}
|
||||
--EncKrbPrivPart ::= [APPLICATION 28] SEQUENCE {
|
||||
-- user-data[0] OCTET STRING,
|
||||
-- timestamp[1] KerberosTime OPTIONAL,
|
||||
-- usec[2] Krb5int32 OPTIONAL,
|
||||
-- seq-number[3] Krb5uint32 OPTIONAL,
|
||||
-- s-address[4] HostAddress OPTIONAL, - - sender's addr
|
||||
-- r-address[5] HostAddress OPTIONAL - - recip's addr
|
||||
--}
|
||||
|
||||
--KRB-CRED ::= [APPLICATION 22] SEQUENCE {
|
||||
-- pvno[0] Krb5int32,
|
||||
-- msg-type[1] MESSAGE-TYPE, - - KRB_CRED
|
||||
-- tickets[2] SEQUENCE OF Ticket,
|
||||
-- enc-part[3] EncryptedData
|
||||
--}
|
||||
|
||||
--KrbCredInfo ::= SEQUENCE {
|
||||
-- key[0] EncryptionKey,
|
||||
-- prealm[1] Realm OPTIONAL,
|
||||
-- pname[2] PrincipalName OPTIONAL,
|
||||
-- flags[3] TicketFlags OPTIONAL,
|
||||
-- authtime[4] KerberosTime OPTIONAL,
|
||||
-- starttime[5] KerberosTime OPTIONAL,
|
||||
-- endtime[6] KerberosTime OPTIONAL,
|
||||
-- renew-till[7] KerberosTime OPTIONAL,
|
||||
-- srealm[8] Realm OPTIONAL,
|
||||
-- sname[9] PrincipalName OPTIONAL,
|
||||
-- caddr[10] HostAddresses OPTIONAL
|
||||
--}
|
||||
|
||||
--EncKrbCredPart ::= [APPLICATION 29] SEQUENCE {
|
||||
-- ticket-info[0] SEQUENCE OF KrbCredInfo,
|
||||
-- nonce[1] Krb5int32 OPTIONAL,
|
||||
-- timestamp[2] KerberosTime OPTIONAL,
|
||||
-- usec[3] Krb5int32 OPTIONAL,
|
||||
-- s-address[4] HostAddress OPTIONAL,
|
||||
-- r-address[5] HostAddress OPTIONAL
|
||||
--}
|
||||
|
||||
--KRB-ERROR ::= [APPLICATION 30] SEQUENCE {
|
||||
-- pvno[0] Krb5int32,
|
||||
-- msg-type[1] MESSAGE-TYPE,
|
||||
-- ctime[2] KerberosTime OPTIONAL,
|
||||
-- cusec[3] Krb5int32 OPTIONAL,
|
||||
-- stime[4] KerberosTime,
|
||||
-- susec[5] Krb5int32,
|
||||
-- error-code[6] Krb5int32,
|
||||
-- crealm[7] Realm OPTIONAL,
|
||||
-- cname[8] PrincipalName OPTIONAL,
|
||||
-- realm[9] Realm, - - Correct realm
|
||||
-- sname[10] PrincipalName, - - Correct name
|
||||
-- e-text[11] GeneralString OPTIONAL,
|
||||
-- e-data[12] OCTET STRING OPTIONAL
|
||||
--}
|
||||
|
||||
ChangePasswdDataMS ::= SEQUENCE {
|
||||
newpasswd[0] OCTET STRING,
|
||||
targname[1] PrincipalName OPTIONAL,
|
||||
targrealm[2] Realm OPTIONAL
|
||||
}
|
||||
|
||||
EtypeList ::= SEQUENCE OF Krb5int32
|
||||
-- the client's proposed enctype list in
|
||||
-- decreasing preference order, favorite choice first
|
||||
|
||||
--krb5-pvno Krb5int32 ::= 5 - - current Kerberos protocol version number
|
||||
|
||||
-- transited encodings
|
||||
|
||||
--DOMAIN-X500-COMPRESS Krb5int32 ::= 1
|
||||
|
||||
-- authorization data primitives
|
||||
|
||||
--AD-IF-RELEVANT ::= AuthorizationData
|
||||
|
||||
--AD-KDCIssued ::= SEQUENCE {
|
||||
-- ad-checksum[0] Checksum,
|
||||
-- i-realm[1] Realm OPTIONAL,
|
||||
-- i-sname[2] PrincipalName OPTIONAL,
|
||||
-- elements[3] AuthorizationData
|
||||
--}
|
||||
|
||||
--AD-AND-OR ::= SEQUENCE {
|
||||
-- condition-count[0] INTEGER,
|
||||
-- elements[1] AuthorizationData
|
||||
--}
|
||||
|
||||
--AD-MANDATORY-FOR-KDC ::= AuthorizationData
|
||||
|
||||
-- PA-SAM-RESPONSE-2/PA-SAM-RESPONSE-2
|
||||
|
||||
PA-SAM-TYPE ::= INTEGER {
|
||||
pA-SAM-TYPE-ENIGMA(1), -- Enigma Logic
|
||||
pA-SAM-TYPE-DIGI-PATH(2), -- Digital Pathways
|
||||
pA-SAM-TYPE-SKEY-K0(3), -- S/key where KDC has key 0
|
||||
pA-SAM-TYPE-SKEY(4), -- Traditional S/Key
|
||||
pA-SAM-TYPE-SECURID(5), -- Security Dynamics
|
||||
pA-SAM-TYPE-CRYPTOCARD(6) -- CRYPTOCard
|
||||
}
|
||||
|
||||
PA-SAM-REDIRECT ::= HostAddresses
|
||||
|
||||
SAMFlags ::= BIT STRING {
|
||||
use-sad-as-key(0),
|
||||
send-encrypted-sad(1),
|
||||
must-pk-encrypt-sad(2)
|
||||
}
|
||||
|
||||
PA-SAM-CHALLENGE-2-BODY ::= SEQUENCE {
|
||||
sam-type[0] Krb5int32,
|
||||
sam-flags[1] SAMFlags,
|
||||
sam-type-name[2] GeneralString OPTIONAL,
|
||||
sam-track-id[3] GeneralString OPTIONAL,
|
||||
sam-challenge-label[4] GeneralString OPTIONAL,
|
||||
sam-challenge[5] GeneralString OPTIONAL,
|
||||
sam-response-prompt[6] GeneralString OPTIONAL,
|
||||
sam-pk-for-sad[7] EncryptionKey OPTIONAL,
|
||||
sam-nonce[8] Krb5int32,
|
||||
sam-etype[9] Krb5int32,
|
||||
...
|
||||
}
|
||||
|
||||
PA-SAM-CHALLENGE-2 ::= SEQUENCE {
|
||||
sam-body[0] PA-SAM-CHALLENGE-2-BODY,
|
||||
sam-cksum[1] SEQUENCE OF Checksum, -- (1..MAX)
|
||||
...
|
||||
}
|
||||
|
||||
PA-SAM-RESPONSE-2 ::= SEQUENCE {
|
||||
sam-type[0] Krb5int32,
|
||||
sam-flags[1] SAMFlags,
|
||||
sam-track-id[2] GeneralString OPTIONAL,
|
||||
sam-enc-nonce-or-sad[3] EncryptedData, -- PA-ENC-SAM-RESPONSE-ENC
|
||||
sam-nonce[4] Krb5int32,
|
||||
...
|
||||
}
|
||||
|
||||
PA-ENC-SAM-RESPONSE-ENC ::= SEQUENCE {
|
||||
sam-nonce[0] Krb5int32,
|
||||
sam-sad[1] GeneralString OPTIONAL,
|
||||
...
|
||||
}
|
||||
|
||||
PA-S4U2Self ::= SEQUENCE {
|
||||
name[0] PrincipalName,
|
||||
realm[1] Realm,
|
||||
cksum[2] Checksum,
|
||||
auth[3] GeneralString
|
||||
}
|
||||
|
||||
KRB5SignedPathPrincipals ::= SEQUENCE OF Principal
|
||||
|
||||
-- never encoded on the wire, just used to checksum over
|
||||
KRB5SignedPathData ::= SEQUENCE {
|
||||
encticket[0] EncTicketPart,
|
||||
delegated[1] KRB5SignedPathPrincipals OPTIONAL
|
||||
}
|
||||
|
||||
KRB5SignedPath ::= SEQUENCE {
|
||||
-- DERcoded KRB5SignedPathData
|
||||
-- krbtgt key (etype), KeyUsage = XXX
|
||||
etype[0] ENCTYPE,
|
||||
cksum[1] Checksum,
|
||||
-- srvs delegated though
|
||||
delegated[2] KRB5SignedPathPrincipals OPTIONAL
|
||||
}
|
||||
|
||||
PA-ClientCanonicalizedNames ::= SEQUENCE{
|
||||
requested-name [0] PrincipalName,
|
||||
mapped-name [1] PrincipalName
|
||||
}
|
||||
|
||||
PA-ClientCanonicalized ::= SEQUENCE {
|
||||
names [0] PA-ClientCanonicalizedNames,
|
||||
canon-checksum [1] Checksum
|
||||
}
|
||||
|
||||
AD-LoginAlias ::= SEQUENCE { -- ad-type number TBD --
|
||||
login-alias [0] PrincipalName,
|
||||
checksum [1] Checksum
|
||||
}
|
||||
|
||||
-- old ms referral
|
||||
PA-SvrReferralData ::= SEQUENCE {
|
||||
referred-name [1] PrincipalName OPTIONAL,
|
||||
referred-realm [0] Realm
|
||||
}
|
||||
|
||||
PA-SERVER-REFERRAL-DATA ::= EncryptedData
|
||||
|
||||
PA-ServerReferralData ::= SEQUENCE {
|
||||
referred-realm [0] Realm OPTIONAL,
|
||||
true-principal-name [1] PrincipalName OPTIONAL,
|
||||
requested-principal-name [2] PrincipalName OPTIONAL,
|
||||
referral-valid-until [3] KerberosTime OPTIONAL,
|
||||
...
|
||||
}
|
||||
-- WS put extensions found elsewere here
|
||||
-- http://msdn.microsoft.com/en-us/library/cc206948.aspx
|
||||
--
|
||||
KERB-PA-PAC-REQUEST ::= SEQUENCE {
|
||||
include-pac[0] BOOLEAN --If TRUE, and no pac present, include PAC.
|
||||
--If FALSE, and PAC present, remove PAC
|
||||
}
|
||||
END
|
||||
|
||||
-- etags -r '/\([A-Za-z][-A-Za-z0-9]*\).*::=/\1/' k5.asn1
|
|
@ -12,7 +12,7 @@ Realm
|
|||
EncryptedData/etype encryptedData_etype
|
||||
KDC-REQ-BODY/etype kDC-REQ-BODY_etype
|
||||
|
||||
#.FN_BODY KDC-REQ/msg-type VAL_PTR = &msgtype
|
||||
#.FN_BODY MESSAGE-TYPE VAL_PTR = &msgtype
|
||||
guint32 msgtype;
|
||||
|
||||
%(DEFAULT_BODY)s
|
||||
|
@ -29,9 +29,8 @@ guint32 msgtype;
|
|||
#.FN_BODY Int32 VAL_PTR = actx->value_ptr
|
||||
%(DEFAULT_BODY)s
|
||||
|
||||
#.FN_BODY PA-DATA/padata-type
|
||||
/* Calling Int32 returns the value in ctx->value_ptr */
|
||||
actx->value_ptr = &krb_PA_DATA_type;
|
||||
#.FN_BODY PADATA-TYPE VAL_PTR = &krb_PA_DATA_type
|
||||
|
||||
%(DEFAULT_BODY)s
|
||||
|
||||
krb_PA_DATA_type&=0xff; /*this is really just one single byte */
|
||||
|
@ -50,49 +49,42 @@ proto_tree *sub_tree=tree;
|
|||
|
||||
switch(krb_PA_DATA_type){
|
||||
case KRB5_PA_TGS_REQ:
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_kerberos_padata_value, dissect_kerberos_Applications);
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Applications);
|
||||
break;
|
||||
case KRB5_PA_PK_AS_REQ:
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_kerberos_padata_value, dissect_pkinit_PaPkAsReq);
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PaPkAsReq);
|
||||
break;
|
||||
case KRB5_PA_PK_AS_REP:
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_kerberos_padata_value, dissect_pkinit_PaPkAsRep);
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PaPkAsRep);
|
||||
break;
|
||||
/*
|
||||
case KRB5_PA_PAC_REQUEST:
|
||||
offset=dissect_ber_old_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_kerberos_padata_value, dissect_krb5_PA_PAC_REQUEST);
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_KERB_PA_PAC_REQUEST);
|
||||
break;
|
||||
case KRB5_PA_S4U2SELF:
|
||||
offset=dissect_ber_old_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_kerberos_padata_value, dissect_krb5_PA_S4U2SELF);
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_S4U2Self);
|
||||
break;
|
||||
case KRB5_PA_PROV_SRV_LOCATION:
|
||||
offset=dissect_ber_old_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_kerberos_padata_value, dissect_krb5_PA_PROV_SRV_LOCATION);
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_krb5_PA_PROV_SRV_LOCATION);
|
||||
break;
|
||||
*/
|
||||
case KRB5_PA_ENC_TIMESTAMP:
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_kerberos_padata_value, dissect_kerberos_PA_ENC_TIMESTAMP);
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_ENC_TIMESTAMP);
|
||||
break;
|
||||
/*
|
||||
case KRB5_PA_ENCTYPE_INFO:
|
||||
offset=dissect_ber_old_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_kerberos_padata_value, dissect_krb5_PA_ENCTYPE_INFO);
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_ETYPE_INFO);
|
||||
break;
|
||||
case KRB5_PA_ENCTYPE_INFO2:
|
||||
offset=dissect_ber_old_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_kerberos_padata_value, dissect_krb5_PA_ENCTYPE_INFO2);
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_ETYPE_INFO2);
|
||||
break;
|
||||
case KRB5_PA_PW_SALT:
|
||||
offset=dissect_ber_old_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_kerberos_padata_value, dissect_krb5_PW_SALT);
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_krb5_PW_SALT);
|
||||
break;
|
||||
*/
|
||||
default:
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_kerberos_padata_value, NULL);
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, NULL);
|
||||
}
|
||||
/*qqq*/
|
||||
|
||||
|
||||
#.TYPE_ATTR
|
||||
KDC-REQ/msg-type TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(krb5_msg_types)
|
||||
# this does not work for some reason :(
|
||||
EncryptedData/etype TYPE = FT_UINT32 DISPLAY = BASE_DEC STRINGS = VALS(krb5_encryption_types)
|
||||
|
||||
#xxx TYPE = FT_UINT16 DISPLAY = BASE_DEC STRINGS = VALS(xx_vals)
|
||||
|
||||
|
||||
|
|
|
@ -118,7 +118,10 @@ static gboolean do_col_info;
|
|||
/* Forward declarations */
|
||||
static int dissect_kerberos_Applications(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
|
||||
static int dissect_kerberos_PA_ENC_TIMESTAMP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
|
||||
|
||||
static int dissect_kerberos_KERB_PA_PAC_REQUEST(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
|
||||
static int dissect_kerberos_PA_S4U2Self(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
|
||||
static int dissect_kerberos_ETYPE_INFO(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
|
||||
static int dissect_kerberos_ETYPE_INFO2(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
|
||||
/* Desegment Kerberos over TCP messages */
|
||||
static gboolean krb_desegment = TRUE;
|
||||
|
||||
|
@ -128,6 +131,9 @@ static struct { const char *set; const char *unset; } bitval = { "Set", "Not set
|
|||
|
||||
static gint hf_krb_rm_reserved = -1;
|
||||
static gint hf_krb_rm_reclen = -1;
|
||||
static gint hf_krb_provsrv_location = -1;
|
||||
static gint hf_krb_smb_nt_status = -1;
|
||||
static gint hf_krb_smb_unknown = -1;
|
||||
#include "packet-kerberos-hf.c"
|
||||
|
||||
/* Initialize the subtree pointers */
|
||||
|
@ -1253,6 +1259,48 @@ dissect_krb5_decrypt_authenticator_data (proto_tree *tree, tvbuff_t *tvb, int of
|
|||
}
|
||||
#endif
|
||||
|
||||
static int
|
||||
dissect_krb5_PA_PROV_SRV_LOCATION(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
|
||||
{
|
||||
offset=dissect_ber_GeneralString(actx, tree, tvb, offset, hf_krb_provsrv_location, NULL, 0);
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
||||
static int
|
||||
dissect_krb5_PW_SALT(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_)
|
||||
{
|
||||
guint32 nt_status;
|
||||
|
||||
/* Microsoft stores a special 12 byte blob here
|
||||
* guint32 NT_status
|
||||
* guint32 unknown
|
||||
* guint32 unknown
|
||||
* decode everything as this blob for now until we see if anyone
|
||||
* else ever uses it or we learn how to tell wether this
|
||||
* is such an MS blob or not.
|
||||
*/
|
||||
proto_tree_add_item(tree, hf_krb_smb_nt_status, tvb, offset, 4,
|
||||
TRUE);
|
||||
nt_status=tvb_get_letohl(tvb, offset);
|
||||
if(nt_status && check_col(actx->pinfo->cinfo, COL_INFO)) {
|
||||
col_append_fstr(actx->pinfo->cinfo, COL_INFO,
|
||||
" NT Status: %s",
|
||||
val_to_str(nt_status, NT_errors,
|
||||
"Unknown error code %#x"));
|
||||
}
|
||||
offset += 4;
|
||||
|
||||
proto_tree_add_item(tree, hf_krb_smb_unknown, tvb, offset, 4,
|
||||
TRUE);
|
||||
offset += 4;
|
||||
|
||||
proto_tree_add_item(tree, hf_krb_smb_unknown, tvb, offset, 4,
|
||||
TRUE);
|
||||
offset += 4;
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
||||
#include "packet-kerberos-fn.c"
|
||||
|
||||
|
@ -1482,6 +1530,15 @@ void proto_register_kerberos(void) {
|
|||
{ &hf_krb_rm_reclen, {
|
||||
"Record Length", "kerberos.rm.length", FT_UINT32, BASE_DEC,
|
||||
NULL, KRB_RM_RECLEN, "Record length", HFILL }},
|
||||
{ &hf_krb_provsrv_location, {
|
||||
"PROVSRV Location", "kerberos.provsrv_location", FT_STRING, BASE_NONE,
|
||||
NULL, 0, "PacketCable PROV SRV Location", HFILL }},
|
||||
{ &hf_krb_smb_nt_status,
|
||||
{ "NT Status", "kerberos.smb.nt_status", FT_UINT32, BASE_HEX,
|
||||
VALS(NT_errors), 0, "NT Status code", HFILL }},
|
||||
{ &hf_krb_smb_unknown,
|
||||
{ "Unknown", "kerberos.smb.unknown", FT_UINT32, BASE_HEX,
|
||||
NULL, 0, "unknown", HFILL }},
|
||||
|
||||
#include "packet-kerberos-hfarr.c"
|
||||
};
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -1,9 +1,19 @@
|
|||
/* Do not modify this file. */
|
||||
/* It is created automatically by the ASN.1 to Wireshark dissector compiler */
|
||||
/* packet-kerberos.h */
|
||||
/* ../../tools/asn2wrs.py -b -e -p kerberos -c kerberos.cnf -s packet-kerberos-template KerberosV5Spec2.asn */
|
||||
|
||||
/* Input file: packet-kerberos-template.h */
|
||||
|
||||
#line 1 "packet-kerberos-template.h"
|
||||
/* packet-kerberos.h
|
||||
* Routines for kerberos packet dissection
|
||||
* Copyright 2007, Anders Broman <anders.broman@ericsson.com>
|
||||
*
|
||||
* $Id$
|
||||
*
|
||||
* Wireshark - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@wireshark.org>
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@ethereal.com>
|
||||
* Copyright 1998 Gerald Combs
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
|
@ -21,8 +31,8 @@
|
|||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*/
|
||||
|
||||
#ifndef __PACKET_KERBEROS_H
|
||||
#define __PACKET_KERBEROS_H
|
||||
#ifndef PACKET_KERBEROS_H
|
||||
#define PACKET_KERBEROS_H
|
||||
|
||||
/* This is a list of callback functions a caller can use to specify that
|
||||
octet strings in kerberos to be passed back to application specific
|
||||
|
@ -44,6 +54,17 @@ typedef struct _kerberos_callbacks {
|
|||
gint
|
||||
dissect_kerberos_main(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean do_col_info, kerberos_callbacks *cb);
|
||||
|
||||
|
||||
/*--- Included file: packet-kerberos-exp.h ---*/
|
||||
#line 1 "packet-kerberos-exp.h"
|
||||
int dissect_kerberos_Realm(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
|
||||
int dissect_kerberos_PrincipalName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
|
||||
int dissect_kerberos_KerberosTime(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
|
||||
int dissect_kerberos_Checksum(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
|
||||
|
||||
/*--- End of included file: packet-kerberos-exp.h ---*/
|
||||
#line 50 "packet-kerberos-template.h"
|
||||
|
||||
int
|
||||
dissect_krb5_Checksum(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
|
||||
|
||||
|
@ -88,4 +109,18 @@ extern gboolean krb_decrypt;
|
|||
|
||||
#endif /* HAVE_KERBEROS */
|
||||
|
||||
#endif /* __PACKET_KERBEROS_H */
|
||||
|
||||
|
||||
/*--- Included file: packet-kerberos-exp.h ---*/
|
||||
#line 1 "packet-kerberos-exp.h"
|
||||
int dissect_kerberos_Realm(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
|
||||
int dissect_kerberos_PrincipalName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
|
||||
int dissect_kerberos_KerberosTime(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
|
||||
int dissect_kerberos_Checksum(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
|
||||
|
||||
/*--- End of included file: packet-kerberos-exp.h ---*/
|
||||
#line 97 "packet-kerberos-template.h"
|
||||
|
||||
#endif /* PACKET_KERBEROS_H */
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue