krb5: fix parsing of PA-S4U-X509-USER in AS-REQ
Per [MS-SFU] 2.2.2 PA_S4U_X509_USER in AS-REQ consists of the certificate data instead of the corresponding struct. Also, the subject-certificate field in the struct consists of the certificate data as well, so let's decode it as such. Change-Id: I6f03a66eac74b7d42c0893f63cab772d8ddcb803 Signed-off-by: Isaac Boukris <iboukris@gmail.com> Reviewed-on: https://code.wireshark.org/review/31279 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
This commit is contained in:
parent
2d41b15495
commit
2f25e04e00
|
@ -157,10 +157,12 @@ guint32 msgtype;
|
|||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_S4U2Self);
|
||||
break;
|
||||
case KRB5_PADATA_S4U_X509_USER:
|
||||
if(!private_data->is_enc_padata) {
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_S4U_X509_USER);
|
||||
}else{
|
||||
if(private_data->msg_type == KRB5_MSG_AS_REQ){
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_x509af_Certificate);
|
||||
}else if(private_data->is_enc_padata){
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, NULL);
|
||||
}else{
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_S4U_X509_USER);
|
||||
}
|
||||
break;
|
||||
case KRB5_PA_PROV_SRV_LOCATION:
|
||||
|
@ -182,7 +184,7 @@ guint32 msgtype;
|
|||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_AUTHENTICATION_SET);
|
||||
break;
|
||||
case KRB5_PADATA_FX_FAST:
|
||||
if(private_data->is_request){
|
||||
if(private_data->msg_type == KRB5_MSG_AS_REQ || private_data->msg_type == KRB5_MSG_TGS_REQ){
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_FX_FAST_REQUEST);
|
||||
}else{
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_FX_FAST_REPLY);
|
||||
|
@ -373,6 +375,9 @@ AuthorizationData/_item/ad-type STRINGS=VALS(krb5_ad_types)
|
|||
offset=dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
|
||||
}
|
||||
|
||||
#.FN_BODY S4UUserID/subject-certificate
|
||||
offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset,hf_index, dissect_x509af_Certificate);
|
||||
|
||||
#.FN_BODY ADDR-TYPE VAL_PTR=&(private_data->addr_type)
|
||||
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
|
||||
%(DEFAULT_BODY)s
|
||||
|
@ -423,16 +428,20 @@ AuthorizationData/_item/ad-type STRINGS=VALS(krb5_ad_types)
|
|||
|
||||
#.FN_HDR AS-REQ
|
||||
kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
|
||||
private_data->is_request = TRUE;
|
||||
private_data->msg_type = KRB5_MSG_AS_REQ;
|
||||
|
||||
#.FN_HDR AS-REP
|
||||
kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
|
||||
private_data->is_request = FALSE;
|
||||
private_data->msg_type = KRB5_MSG_AS_REP;
|
||||
|
||||
#.FN_HDR KRB-ERROR
|
||||
kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
|
||||
private_data->is_request = FALSE;
|
||||
private_data->msg_type = KRB5_MSG_ERROR;
|
||||
|
||||
#.FN_HDR TGS-REQ
|
||||
kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
|
||||
private_data->is_request = TRUE;
|
||||
private_data->msg_type = KRB5_MSG_TGS_REQ;
|
||||
|
||||
#.FN_HDR TGS-REP
|
||||
kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
|
||||
private_data->msg_type = KRB5_MSG_TGS_REP;
|
||||
|
|
|
@ -69,7 +69,7 @@
|
|||
|
||||
#include "packet-gssapi.h"
|
||||
#include "packet-smb-common.h"
|
||||
|
||||
#include "packet-x509af.h"
|
||||
|
||||
void proto_register_kerberos(void);
|
||||
void proto_reg_handoff_kerberos(void);
|
||||
|
@ -86,7 +86,7 @@ typedef struct kerberos_key {
|
|||
} kerberos_key_t;
|
||||
|
||||
typedef struct {
|
||||
gboolean is_request;
|
||||
guint32 msg_type;
|
||||
guint32 etype;
|
||||
guint32 padata_type;
|
||||
guint32 is_enc_padata;
|
||||
|
@ -1986,10 +1986,10 @@ dissect_kerberos_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
|||
default:
|
||||
return 0;
|
||||
}
|
||||
if (do_col_protocol) {
|
||||
if (do_col_protocol) {
|
||||
col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
|
||||
}
|
||||
if (gbl_do_col_info) {
|
||||
}
|
||||
if (gbl_do_col_info) {
|
||||
col_clear(pinfo->cinfo, COL_INFO);
|
||||
}
|
||||
if (tree) {
|
||||
|
|
|
@ -77,7 +77,7 @@
|
|||
|
||||
#include "packet-gssapi.h"
|
||||
#include "packet-smb-common.h"
|
||||
|
||||
#include "packet-x509af.h"
|
||||
|
||||
void proto_register_kerberos(void);
|
||||
void proto_reg_handoff_kerberos(void);
|
||||
|
@ -94,7 +94,7 @@ typedef struct kerberos_key {
|
|||
} kerberos_key_t;
|
||||
|
||||
typedef struct {
|
||||
gboolean is_request;
|
||||
guint32 msg_type;
|
||||
guint32 etype;
|
||||
guint32 padata_type;
|
||||
guint32 is_enc_padata;
|
||||
|
@ -305,7 +305,7 @@ static int hf_kerberos_auth = -1; /* GeneralString */
|
|||
static int hf_kerberos_user_id = -1; /* S4UUserID */
|
||||
static int hf_kerberos_checksum_01 = -1; /* Checksum */
|
||||
static int hf_kerberos_cname_01 = -1; /* PrincipalName */
|
||||
static int hf_kerberos_subject_certificate = -1; /* OCTET_STRING */
|
||||
static int hf_kerberos_subject_certificate = -1; /* T_subject_certificate */
|
||||
static int hf_kerberos_options = -1; /* BIT_STRING */
|
||||
static int hf_kerberos_include_pac = -1; /* BOOLEAN */
|
||||
static int hf_kerberos_newpasswd = -1; /* OCTET_STRING */
|
||||
|
@ -2330,7 +2330,7 @@ static const value_string kerberos_ENCTYPE_vals[] = {
|
|||
|
||||
static int
|
||||
dissect_kerberos_ENCTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 250 "./asn1/kerberos/kerberos.cnf"
|
||||
#line 252 "./asn1/kerberos/kerberos.cnf"
|
||||
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
|
||||
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
|
||||
&(private_data->etype));
|
||||
|
@ -2355,7 +2355,7 @@ dissect_kerberos_UInt32(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset
|
|||
|
||||
static int
|
||||
dissect_kerberos_T_encryptedTicketData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 254 "./asn1/kerberos/kerberos.cnf"
|
||||
#line 256 "./asn1/kerberos/kerberos.cnf"
|
||||
#ifdef HAVE_KERBEROS
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_ticket_data);
|
||||
#else
|
||||
|
@ -2483,7 +2483,7 @@ static const value_string kerberos_CKSUMTYPE_vals[] = {
|
|||
|
||||
static int
|
||||
dissect_kerberos_CKSUMTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 311 "./asn1/kerberos/kerberos.cnf"
|
||||
#line 313 "./asn1/kerberos/kerberos.cnf"
|
||||
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
|
||||
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
|
||||
&(private_data->checksum_type));
|
||||
|
@ -2498,7 +2498,7 @@ dissect_kerberos_CKSUMTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int off
|
|||
|
||||
static int
|
||||
dissect_kerberos_T_checksum(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 315 "./asn1/kerberos/kerberos.cnf"
|
||||
#line 317 "./asn1/kerberos/kerberos.cnf"
|
||||
tvbuff_t *next_tvb;
|
||||
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
|
||||
|
||||
|
@ -2565,7 +2565,7 @@ dissect_kerberos_Int32(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset
|
|||
|
||||
static int
|
||||
dissect_kerberos_T_keytype(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 329 "./asn1/kerberos/kerberos.cnf"
|
||||
#line 331 "./asn1/kerberos/kerberos.cnf"
|
||||
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
|
||||
|
||||
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
|
||||
|
@ -2581,7 +2581,7 @@ dissect_kerberos_T_keytype(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int off
|
|||
|
||||
static int
|
||||
dissect_kerberos_T_keyvalue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 336 "./asn1/kerberos/kerberos.cnf"
|
||||
#line 338 "./asn1/kerberos/kerberos.cnf"
|
||||
tvbuff_t *out_tvb;
|
||||
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
|
||||
|
||||
|
@ -2606,7 +2606,7 @@ static const ber_sequence_t EncryptionKey_sequence[] = {
|
|||
|
||||
static int
|
||||
dissect_kerberos_EncryptionKey(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 345 "./asn1/kerberos/kerberos.cnf"
|
||||
#line 347 "./asn1/kerberos/kerberos.cnf"
|
||||
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
|
||||
|
||||
offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
|
||||
|
@ -2628,7 +2628,7 @@ dissect_kerberos_EncryptionKey(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int
|
|||
|
||||
static int
|
||||
dissect_kerberos_T_ad_type(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 356 "./asn1/kerberos/kerberos.cnf"
|
||||
#line 358 "./asn1/kerberos/kerberos.cnf"
|
||||
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
|
||||
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
|
||||
&(private_data->ad_type));
|
||||
|
@ -2641,7 +2641,7 @@ dissect_kerberos_T_ad_type(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int off
|
|||
|
||||
static int
|
||||
dissect_kerberos_T_ad_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 363 "./asn1/kerberos/kerberos.cnf"
|
||||
#line 365 "./asn1/kerberos/kerberos.cnf"
|
||||
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
|
||||
|
||||
switch(private_data->ad_type){
|
||||
|
@ -2792,7 +2792,7 @@ static const value_string kerberos_ADDR_TYPE_vals[] = {
|
|||
|
||||
static int
|
||||
dissect_kerberos_ADDR_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 377 "./asn1/kerberos/kerberos.cnf"
|
||||
#line 382 "./asn1/kerberos/kerberos.cnf"
|
||||
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
|
||||
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
|
||||
&(private_data->addr_type));
|
||||
|
@ -2807,7 +2807,7 @@ dissect_kerberos_ADDR_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int off
|
|||
|
||||
static int
|
||||
dissect_kerberos_T_address(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 199 "./asn1/kerberos/kerberos.cnf"
|
||||
#line 201 "./asn1/kerberos/kerberos.cnf"
|
||||
gint8 appclass;
|
||||
gboolean pc;
|
||||
gint32 tag;
|
||||
|
@ -3077,10 +3077,12 @@ dissect_kerberos_T_padata_value(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, in
|
|||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_S4U2Self);
|
||||
break;
|
||||
case KRB5_PADATA_S4U_X509_USER:
|
||||
if(!private_data->is_enc_padata) {
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_S4U_X509_USER);
|
||||
}else{
|
||||
if(private_data->msg_type == KRB5_MSG_AS_REQ){
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_x509af_Certificate);
|
||||
}else if(private_data->is_enc_padata){
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, NULL);
|
||||
}else{
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_S4U_X509_USER);
|
||||
}
|
||||
break;
|
||||
case KRB5_PA_PROV_SRV_LOCATION:
|
||||
|
@ -3102,7 +3104,7 @@ dissect_kerberos_T_padata_value(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, in
|
|||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_AUTHENTICATION_SET);
|
||||
break;
|
||||
case KRB5_PADATA_FX_FAST:
|
||||
if(private_data->is_request){
|
||||
if(private_data->msg_type == KRB5_MSG_AS_REQ || private_data->msg_type == KRB5_MSG_TGS_REQ){
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_FX_FAST_REQUEST);
|
||||
}else{
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_FX_FAST_REPLY);
|
||||
|
@ -3211,7 +3213,7 @@ dissect_kerberos_SEQUENCE_OF_ENCTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U
|
|||
|
||||
static int
|
||||
dissect_kerberos_T_encryptedAuthorizationData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 262 "./asn1/kerberos/kerberos.cnf"
|
||||
#line 264 "./asn1/kerberos/kerberos.cnf"
|
||||
#ifdef HAVE_KERBEROS
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_authenticator_data);
|
||||
#else
|
||||
|
@ -3274,7 +3276,7 @@ static const ber_sequence_t KDC_REQ_BODY_sequence[] = {
|
|||
|
||||
static int
|
||||
dissect_kerberos_KDC_REQ_BODY(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 381 "./asn1/kerberos/kerberos.cnf"
|
||||
#line 386 "./asn1/kerberos/kerberos.cnf"
|
||||
conversation_t *conversation;
|
||||
|
||||
/*
|
||||
|
@ -3325,9 +3327,9 @@ dissect_kerberos_KDC_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offse
|
|||
|
||||
static int
|
||||
dissect_kerberos_AS_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 425 "./asn1/kerberos/kerberos.cnf"
|
||||
#line 430 "./asn1/kerberos/kerberos.cnf"
|
||||
kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
|
||||
private_data->is_request = TRUE;
|
||||
private_data->msg_type = KRB5_MSG_AS_REQ;
|
||||
|
||||
|
||||
offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
|
||||
|
@ -3340,7 +3342,7 @@ dissect_kerberos_AS_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset
|
|||
|
||||
static int
|
||||
dissect_kerberos_T_encryptedKDCREPData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 270 "./asn1/kerberos/kerberos.cnf"
|
||||
#line 272 "./asn1/kerberos/kerberos.cnf"
|
||||
#ifdef HAVE_KERBEROS
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KDC_REP_data);
|
||||
#else
|
||||
|
@ -3395,9 +3397,9 @@ dissect_kerberos_KDC_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offse
|
|||
|
||||
static int
|
||||
dissect_kerberos_AS_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 429 "./asn1/kerberos/kerberos.cnf"
|
||||
#line 434 "./asn1/kerberos/kerberos.cnf"
|
||||
kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
|
||||
private_data->is_request = FALSE;
|
||||
private_data->msg_type = KRB5_MSG_AS_REP;
|
||||
|
||||
|
||||
offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
|
||||
|
@ -3410,9 +3412,10 @@ dissect_kerberos_AS_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset
|
|||
|
||||
static int
|
||||
dissect_kerberos_TGS_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 437 "./asn1/kerberos/kerberos.cnf"
|
||||
#line 442 "./asn1/kerberos/kerberos.cnf"
|
||||
kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
|
||||
private_data->is_request = TRUE;
|
||||
private_data->msg_type = KRB5_MSG_TGS_REQ;
|
||||
|
||||
|
||||
offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
|
||||
hf_index, BER_CLASS_APP, 12, FALSE, dissect_kerberos_KDC_REQ);
|
||||
|
@ -3424,6 +3427,10 @@ dissect_kerberos_TGS_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offse
|
|||
|
||||
static int
|
||||
dissect_kerberos_TGS_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 446 "./asn1/kerberos/kerberos.cnf"
|
||||
kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
|
||||
private_data->msg_type = KRB5_MSG_TGS_REP;
|
||||
|
||||
offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
|
||||
hf_index, BER_CLASS_APP, 13, FALSE, dissect_kerberos_KDC_REP);
|
||||
|
||||
|
@ -3479,7 +3486,7 @@ dissect_kerberos_AP_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset
|
|||
|
||||
static int
|
||||
dissect_kerberos_T_encryptedAPREPData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 286 "./asn1/kerberos/kerberos.cnf"
|
||||
#line 288 "./asn1/kerberos/kerberos.cnf"
|
||||
#ifdef HAVE_KERBEROS
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_AP_REP_data);
|
||||
#else
|
||||
|
@ -3540,7 +3547,7 @@ dissect_kerberos_AP_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset
|
|||
|
||||
static int
|
||||
dissect_kerberos_T_kRB_SAFE_BODY_user_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 404 "./asn1/kerberos/kerberos.cnf"
|
||||
#line 409 "./asn1/kerberos/kerberos.cnf"
|
||||
tvbuff_t *new_tvb;
|
||||
offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb);
|
||||
if (new_tvb) {
|
||||
|
@ -3602,7 +3609,7 @@ dissect_kerberos_KRB_SAFE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offs
|
|||
|
||||
static int
|
||||
dissect_kerberos_T_encryptedKrbPrivData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 294 "./asn1/kerberos/kerberos.cnf"
|
||||
#line 296 "./asn1/kerberos/kerberos.cnf"
|
||||
#ifdef HAVE_KERBEROS
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PRIV_data);
|
||||
#else
|
||||
|
@ -3663,7 +3670,7 @@ dissect_kerberos_KRB_PRIV(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offs
|
|||
|
||||
static int
|
||||
dissect_kerberos_T_encryptedKrbCredData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 302 "./asn1/kerberos/kerberos.cnf"
|
||||
#line 304 "./asn1/kerberos/kerberos.cnf"
|
||||
#ifdef HAVE_KERBEROS
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_CRED_data);
|
||||
#else
|
||||
|
@ -3789,14 +3796,14 @@ dissect_kerberos_METHOD_DATA(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int o
|
|||
|
||||
static int
|
||||
dissect_kerberos_T_encrypted_pa_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 418 "./asn1/kerberos/kerberos.cnf"
|
||||
#line 423 "./asn1/kerberos/kerberos.cnf"
|
||||
kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
|
||||
private_data->is_enc_padata = TRUE;
|
||||
|
||||
|
||||
offset = dissect_kerberos_METHOD_DATA(implicit_tag, tvb, offset, actx, tree, hf_index);
|
||||
|
||||
#line 422 "./asn1/kerberos/kerberos.cnf"
|
||||
#line 427 "./asn1/kerberos/kerberos.cnf"
|
||||
private_data->is_enc_padata = FALSE;
|
||||
|
||||
|
||||
|
@ -3880,7 +3887,7 @@ dissect_kerberos_EncAPRepPart(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int
|
|||
|
||||
static int
|
||||
dissect_kerberos_T_encKrbPrivPart_user_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 411 "./asn1/kerberos/kerberos.cnf"
|
||||
#line 416 "./asn1/kerberos/kerberos.cnf"
|
||||
tvbuff_t *new_tvb;
|
||||
offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb);
|
||||
if (new_tvb) {
|
||||
|
@ -4174,9 +4181,9 @@ dissect_kerberos_KRB_ERROR_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int o
|
|||
|
||||
static int
|
||||
dissect_kerberos_KRB_ERROR(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 433 "./asn1/kerberos/kerberos.cnf"
|
||||
#line 438 "./asn1/kerberos/kerberos.cnf"
|
||||
kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
|
||||
private_data->is_request = FALSE;
|
||||
private_data->msg_type = KRB5_MSG_ERROR;
|
||||
|
||||
|
||||
offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
|
||||
|
@ -4237,7 +4244,7 @@ dissect_kerberos_EncryptedData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int
|
|||
|
||||
static int
|
||||
dissect_kerberos_T_pA_ENC_TIMESTAMP_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 278 "./asn1/kerberos/kerberos.cnf"
|
||||
#line 280 "./asn1/kerberos/kerberos.cnf"
|
||||
#ifdef HAVE_KERBEROS
|
||||
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PA_ENC_TIMESTAMP);
|
||||
#else
|
||||
|
@ -4364,6 +4371,18 @@ dissect_kerberos_PA_S4U2Self(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int o
|
|||
|
||||
|
||||
|
||||
static int
|
||||
dissect_kerberos_T_subject_certificate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
#line 379 "./asn1/kerberos/kerberos.cnf"
|
||||
offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset,hf_index, dissect_x509af_Certificate);
|
||||
|
||||
|
||||
|
||||
return offset;
|
||||
}
|
||||
|
||||
|
||||
|
||||
static int
|
||||
dissect_kerberos_BIT_STRING(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
|
||||
offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset,
|
||||
|
@ -4378,7 +4397,7 @@ static const ber_sequence_t S4UUserID_sequence[] = {
|
|||
{ &hf_kerberos_nonce , BER_CLASS_CON, 0, 0, dissect_kerberos_UInt32 },
|
||||
{ &hf_kerberos_cname_01 , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_PrincipalName },
|
||||
{ &hf_kerberos_crealm , BER_CLASS_CON, 2, 0, dissect_kerberos_Realm },
|
||||
{ &hf_kerberos_subject_certificate, BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_OCTET_STRING },
|
||||
{ &hf_kerberos_subject_certificate, BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, dissect_kerberos_T_subject_certificate },
|
||||
{ &hf_kerberos_options , BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, dissect_kerberos_BIT_STRING },
|
||||
{ NULL, 0, 0, 0, NULL }
|
||||
};
|
||||
|
@ -4663,10 +4682,10 @@ dissect_kerberos_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
|||
default:
|
||||
return 0;
|
||||
}
|
||||
if (do_col_protocol) {
|
||||
if (do_col_protocol) {
|
||||
col_set_str(pinfo->cinfo, COL_PROTOCOL, "KRB5");
|
||||
}
|
||||
if (gbl_do_col_info) {
|
||||
}
|
||||
if (gbl_do_col_info) {
|
||||
col_clear(pinfo->cinfo, COL_INFO);
|
||||
}
|
||||
if (tree) {
|
||||
|
@ -5463,7 +5482,7 @@ void proto_register_kerberos(void) {
|
|||
{ &hf_kerberos_subject_certificate,
|
||||
{ "subject-certificate", "kerberos.subject_certificate",
|
||||
FT_BYTES, BASE_NONE, NULL, 0,
|
||||
"OCTET_STRING", HFILL }},
|
||||
"T_subject_certificate", HFILL }},
|
||||
{ &hf_kerberos_options,
|
||||
{ "options", "kerberos.options",
|
||||
FT_BYTES, BASE_NONE, NULL, 0,
|
||||
|
|
Loading…
Reference in New Issue