osmocom
/
wireshark
11
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

Updated the Kerberos ASN.1 dissector to the point I believe it can replace the "hand made" one. Bug 8649 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8649) 

Letting the more experienced ASN.1 developers tweak it a little more before the "generated" dissector is accepted (which is why it's not included here)

svn path=/trunk/; revision=49328
This commit is contained in:
Michael Mann 2013-05-16 12:21:43 +00:00
parent c1f144e9aa
commit 7efa0fdb29
5 changed files with 1048 additions and 342 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
asn1/kerberos/KerberosV5Spec2.asn
View File

@ -29,7 +29,7 @@ Applications ::= CHOICE {
encASRepPart EncASRepPart, -- 25 --
encTGSRepPart EncTGSRepPart, -- 26 --
encAPRepPart EncAPRepPart, -- 27 --
encKrbPrivPart EncKrbPrivPart, -- 28 --
encKrbPrivPart ENC-KRB-PRIV-PART, -- 28 --
encKrbCredPart EncKrbCredPart, -- 29 --
krb-error KRB-ERROR -- 30 --
}
@ -108,11 +108,47 @@ Checksum ::= SEQUENCE {
checksum [1] OCTET STRING
}
EncryptedTicketData ::= SEQUENCE {
etype [0] ENCTYPE, -- EncryptionType - - Use k5.asn
kvno [1] UInt32 OPTIONAL,
cipher [2] OCTET STRING -- ciphertext
}
EncryptedAuthorizationData ::= SEQUENCE {
etype [0] ENCTYPE, -- EncryptionType - - Use k5.asn
kvno [1] UInt32 OPTIONAL,
cipher [2] OCTET STRING -- ciphertext
}
EncryptedKDCREPData ::= SEQUENCE {
etype [0] ENCTYPE, -- EncryptionType - - Use k5.asn
kvno [1] UInt32 OPTIONAL,
cipher [2] OCTET STRING -- ciphertext
}
EncryptedAPREPData ::= SEQUENCE {
etype [0] ENCTYPE, -- EncryptionType - - Use k5.asn
kvno [1] UInt32 OPTIONAL,
cipher [2] OCTET STRING -- ciphertext
}
EncryptedKrbPrivData ::= SEQUENCE {
etype [0] ENCTYPE, -- EncryptionType - - Use k5.asn
kvno [1] UInt32 OPTIONAL,
cipher [2] OCTET STRING -- ciphertext
}
EncryptedKrbCredData ::= SEQUENCE {
etype [0] ENCTYPE, -- EncryptionType - - Use k5.asn
kvno [1] UInt32 OPTIONAL,
cipher [2] OCTET STRING -- ciphertext
}
Ticket ::= [APPLICATION 1] SEQUENCE {
tkt-vno [0] INTEGER (5),
realm [1] Realm,
sname [2] PrincipalName,
enc-part [3] EncryptedData -- EncTicketPart
enc-part [3] EncryptedTicketData
}
-- Encrypted part of ticket
@ -177,14 +213,18 @@ KDC-REQ-BODY ::= SEQUENCE {
-- Also client's in AS-REQ --,
sname [3] PrincipalName OPTIONAL,
from [4] KerberosTime OPTIONAL,
till [5] KerberosTime,
-- this field is not optional in the kerberos spec, however, in the packetcable spec it is optional
-- make it optional here since normal kerberos will still decode the pdu correctly.
till [5] KerberosTime OPTIONAL,
rtime [6] KerberosTime OPTIONAL,
nonce [7] UInt32,
-- etype [8] SEQUENCE OF Int32 - - EncryptionType Use k5.asn
etype [8] SEQUENCE OF ENCTYPE -- EncryptionType
-- in preference order --,
addresses [9] HostAddresses OPTIONAL,
enc-authorization-data [10] EncryptedData OPTIONAL
enc-authorization-data [10] EncryptedAuthorizationData OPTIONAL
-- AuthorizationData --,
additional-tickets [11] SEQUENCE OF Ticket OPTIONAL
-- NOTE: not empty
@ -231,7 +271,7 @@ KDC-REP ::= SEQUENCE {
crealm [3] Realm,
cname [4] PrincipalName,
ticket [5] Ticket,
enc-part [6] EncryptedData
enc-part [6] EncryptedKDCREPData
-- EncASRepPart or EncTGSRepPart,
-- as appropriate
}
@ -268,7 +308,7 @@ AP-REQ ::= [APPLICATION 14] SEQUENCE {
msg-type [1] MESSAGE-TYPE,
ap-options [2] APOptions,
ticket [3] Ticket,
authenticator [4] EncryptedData -- Authenticator
authenticator [4] EncryptedAuthorizationData -- Authenticator
}
-- Use the krb5.asn def.
--APOptions ::= KerberosFlags
@ -293,7 +333,7 @@ AP-REP ::= [APPLICATION 15] SEQUENCE {
pvno [0] INTEGER (5),
-- msg-type [1] INTEGER (15), Use k5.asn
msg-type [1] MESSAGE-TYPE,
enc-part [2] EncryptedData -- EncAPRepPart
enc-part [2] EncryptedAPREPData -- EncAPRepPart
}
EncAPRepPart ::= [APPLICATION 27] SEQUENCE {
@ -316,7 +356,7 @@ KRB-SAFE-BODY ::= SEQUENCE {
timestamp [1] KerberosTime OPTIONAL,
usec [2] Microseconds OPTIONAL,
seq-number [3] UInt32 OPTIONAL,
s-address [4] HostAddress,
s-address [4] HostAddress OPTIONAL, -- XXX this one is OPTIONAL in packetcable? but mandatory in kerberos
r-address [5] HostAddress OPTIONAL
}
@ -325,10 +365,12 @@ KRB-PRIV ::= [APPLICATION 21] SEQUENCE {
-- msg-type [1] INTEGER (21), Use k5.asn
msg-type [1] MESSAGE-TYPE,
-- NOTE: there is no [2] tag
enc-part [3] EncryptedData -- EncKrbPrivPart
enc-part [3] EncryptedKrbPrivData -- EncKrbPrivPart
}
EncKrbPrivPart ::= [APPLICATION 28] SEQUENCE {
ENC-KRB-PRIV-PART ::= [APPLICATION 28] EncKrbPrivPart
EncKrbPrivPart ::= SEQUENCE {
user-data [0] OCTET STRING,
timestamp [1] KerberosTime OPTIONAL,
usec [2] Microseconds OPTIONAL,
@ -342,7 +384,7 @@ KRB-CRED ::= [APPLICATION 22] SEQUENCE {
-- msg-type [1] INTEGER (22), use k5.asn
msg-type [1] MESSAGE-TYPE,
tickets [2] SEQUENCE OF Ticket,
enc-part [3] EncryptedData -- EncKrbCredPart
enc-part [3] EncryptedKrbCredData -- EncKrbCredPart
}
EncKrbCredPart ::= [APPLICATION 29] SEQUENCE {
@ -383,7 +425,8 @@ KRB-ERROR ::= [APPLICATION 30] SEQUENCE {
realm [9] Realm -- service realm --,
sname [10] PrincipalName -- service name --,
e-text [11] KerberosString OPTIONAL,
e-data [12] OCTET STRING OPTIONAL
e-data [12] OCTET STRING OPTIONAL,
e-checksum [13] Checksum OPTIONAL -- used by PacketCable
}
METHOD-DATA ::= SEQUENCE OF PA-DATA
@ -395,7 +438,11 @@ TYPED-DATA ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
-- preauth stuff follows
PA-ENC-TIMESTAMP ::= EncryptedData -- PA-ENC-TS-ENC
PA-ENC-TIMESTAMP ::= SEQUENCE {
etype [0] ENCTYPE -- EncryptionType --,
kvno [1] UInt32 OPTIONAL,
cipher [2] OCTET STRING -- ciphertext
}
PA-ENC-TS-ENC ::= SEQUENCE {
patimestamp [0] KerberosTime -- client's time --,

2
asn1/kerberos/k5.asn
View File

@ -324,7 +324,7 @@ KDCOptions ::= BIT STRING {
renewable(8),
unused9(9),
unused10(10),
unused11(11),
opt-hardware-auth(11), -- taken from KerberosV5Spec2.asn
request-anonymous(14),
canonicalize(15),
constrained-delegation(16), -- ms extension

232
asn1/kerberos/kerberos.cnf
View File

@ -11,12 +11,27 @@ Realm
#.FIELD_RENAME
EncryptedData/etype encryptedData_etype
KDC-REQ-BODY/etype kDC-REQ-BODY_etype
KRB-SAFE-BODY/user-data kRB-SAFE-BODY_user_data
EncKrbPrivPart/user-data encKrbPrivPart_user_data
EncryptedTicketData/cipher encryptedTicketData_cipher
EncryptedAuthorizationData/cipher encryptedAuthorizationData_cipher
EncryptedKDCREPData/cipher encryptedKDCREPData_cipher
PA-ENC-TIMESTAMP/cipher pA-ENC-TIMESTAMP_cipher
EncryptedAPREPData/cipher encryptedAPREPData_cipher
EncryptedKrbPrivData/cipher encryptedKrbPrivData_cipher
EncryptedKrbCredData/cipher encryptedKrbCredData_cipher
KRB-CRED/_untag/enc-part kRB_CRED_enc_part
KRB-PRIV/_untag/enc-part kRB_PRIV_enc_part
AP-REP/_untag/enc-part aP_REP_enc_part
KDC-REP/enc-part kDC_REP_enc_part
Ticket/_untag/enc-part ticket_enc_part
#.FN_BODY MESSAGE-TYPE VAL_PTR = &msgtype
guint32 msgtype;
%(DEFAULT_BODY)s
if (do_col_info & check_col(actx->pinfo->cinfo, COL_INFO)) {
if (do_col_info) {
col_add_str(actx->pinfo->cinfo, COL_INFO,
val_to_str(msgtype, krb5_msg_types,
"Unknown msg type %%#x"));
@ -29,7 +44,7 @@ guint32 msgtype;
#.FN_BODY ERROR-CODE VAL_PTR = &krb5_errorcode
%(DEFAULT_BODY)s
if(krb5_errorcode && check_col(actx->pinfo->cinfo, COL_INFO)) {
if(krb5_errorcode) {
col_add_fstr(actx->pinfo->cinfo, COL_INFO,
"KRB Error: %%s",
val_to_str(krb5_errorcode, krb5_error_codes,
@ -63,24 +78,32 @@ guint32 msgtype;
#.FN_BODY Int32 VAL_PTR = actx->value_ptr
%(DEFAULT_BODY)s
#.FN_BODY PADATA-TYPE VAL_PTR = &krb_PA_DATA_type
#.FN_BODY PADATA-TYPE
%(DEFAULT_BODY)s
actx->value_ptr = ep_alloc(sizeof(guint32));
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
actx->value_ptr);
if(tree){
proto_item_append_text(tree, " %%s",
val_to_str(krb_PA_DATA_type, krb5_preauthentication_types,
val_to_str(*((guint32*)actx->value_ptr), krb5_preauthentication_types,
"Unknown:%%d"));
}
#.FN_BODY PA-DATA/padata-value
proto_tree *sub_tree=tree;
proto_tree *sub_tree=tree;
guint32 PA_DATA_type = 0;
if (actx->value_ptr) {
PA_DATA_type = *((guint32*)actx->value_ptr);
}
if(actx->created_item){
sub_tree=proto_item_add_subtree(actx->created_item, ett_kerberos_PA_DATA);
}
switch(krb_PA_DATA_type){
switch(PA_DATA_type){
case KRB5_PA_TGS_REQ:
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Applications);
break;
@ -114,10 +137,6 @@ proto_tree *sub_tree=tree;
default:
offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, NULL);
}
/*qqq*/
#.FN_BODY ADDR-TYPE VAL_PTR = &addr_type
%(DEFAULT_BODY)s
#.FN_BODY HostAddress/address
gint8 class;
@ -126,18 +145,22 @@ proto_tree *sub_tree=tree;
guint32 len;
char *address_str;
proto_item *it=NULL;
guint32 addr_type = 0;
/* read header and len for the octet string */
offset=dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &class, &pc, &tag);
offset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL);
address_str=ep_alloc(256);
if (actx->value_ptr) {
addr_type = *((guint32*)actx->value_ptr);
}
address_str=ep_alloc(ADDRESS_STR_BUFSIZ);
address_str[0]=0;
address_str[255]=0;
switch(addr_type){
case KRB5_ADDR_IPv4:
it=proto_tree_add_item(tree, hf_krb_address_ip, tvb, offset, 4, ENC_BIG_ENDIAN);
g_snprintf(address_str,256,"%d.%d.%d.%d",tvb_get_guint8(tvb, offset),tvb_get_guint8(tvb, offset+1),tvb_get_guint8(tvb, offset+2),tvb_get_guint8(tvb, offset+3));
g_snprintf(address_str,ADDRESS_STR_BUFSIZ,"%d.%d.%d.%d",tvb_get_guint8(tvb, offset),tvb_get_guint8(tvb, offset+1),tvb_get_guint8(tvb, offset+2),tvb_get_guint8(tvb, offset+3));
break;
case KRB5_ADDR_NETBIOS:
{
@ -146,13 +169,13 @@ proto_tree *sub_tree=tree;
int netbios_name_len = (NETBIOS_NAME_LEN - 1)*4 + 1;
netbios_name_type = process_netbios_name(tvb_get_ptr(tvb, offset, 16), netbios_name, netbios_name_len);
g_snprintf(address_str, 255, "%s<%02x>", netbios_name, netbios_name_type);
g_snprintf(address_str, ADDRESS_STR_BUFSIZ, "%s<%02x>", netbios_name, netbios_name_type);
it=proto_tree_add_string_format(tree, hf_krb_address_netbios, tvb, offset, 16, netbios_name, "NetBIOS Name: %s (%s)", address_str, netbios_name_type_descr(netbios_name_type));
}
break;
case KRB5_ADDR_IPv6:
it=proto_tree_add_item(tree, hf_krb_address_ipv6, tvb, offset, INET6_ADDRLEN, ENC_NA);
g_snprintf(address_str, 256, "%s", ip6_to_str((const struct e_in6_addr *)tvb_get_ptr(tvb, offset, INET6_ADDRLEN)));
g_snprintf(address_str, ADDRESS_STR_BUFSIZ, "%s", ip6_to_str((const struct e_in6_addr *)tvb_get_ptr(tvb, offset, INET6_ADDRLEN)));
break;
default:
proto_tree_add_text(tree, tvb, offset, len, "KRB Address: I dont know how to parse this type of address yet");
@ -172,4 +195,181 @@ proto_tree *sub_tree=tree;
#.TYPE_ATTR
#xxx TYPE = FT_UINT16 DISPLAY = BASE_DEC STRINGS = VALS(xx_vals)
#.FN_BODY ENCTYPE
actx->value_ptr = ep_alloc(sizeof(guint32));
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
actx->value_ptr);
#.FN_BODY EncryptedTicketData/cipher
/**/#ifdef HAVE_KERBEROS
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_ticket_data);
/**/#else
%(DEFAULT_BODY)s
/**/#endif
return offset;
#.FN_BODY EncryptedAuthorizationData/cipher
/**/#ifdef HAVE_KERBEROS
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_authenticator_data);
/**/#else
%(DEFAULT_BODY)s
/**/#endif
return offset;
#.FN_BODY EncryptedKDCREPData/cipher
/**/#ifdef HAVE_KERBEROS
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KDC_REP_data);
/**/#else
%(DEFAULT_BODY)s
/**/#endif
return offset;
#.FN_BODY PA-ENC-TIMESTAMP/cipher
/**/#ifdef HAVE_KERBEROS
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PA_ENC_TIMESTAMP);
/**/#else
%(DEFAULT_BODY)s
/**/#endif
return offset;
#.FN_BODY EncryptedAPREPData/cipher
/**/#ifdef HAVE_KERBEROS
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_AP_REP_data);
/**/#else
%(DEFAULT_BODY)s
/**/#endif
return offset;
#.FN_BODY EncryptedKrbPrivData/cipher
/**/#ifdef HAVE_KERBEROS
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PRIV_data);
/**/#else
%(DEFAULT_BODY)s
/**/#endif
return offset;
#.FN_BODY EncryptedKrbCredData/cipher
/**/#ifdef HAVE_KERBEROS
offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_CRED_data);
/**/#else
%(DEFAULT_BODY)s
/**/#endif
return offset;
#.FN_BODY CKSUMTYPE
actx->value_ptr = ep_alloc(sizeof(guint32));
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
actx->value_ptr);
#.FN_BODY Checksum/checksum
tvbuff_t *next_tvb;
guint32 checksum_type = 0;
if (actx->value_ptr) {
checksum_type = *((guint32*)actx->value_ptr);
}
switch(checksum_type){
case KRB5_CHKSUM_GSSAPI:
offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &next_tvb);
dissect_krb5_rfc1964_checksum(actx, tree, next_tvb);
break;
default:
offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, NULL);
}
return offset;
#.FN_BODY EncryptionKey/keytype
kerberos_key_t* key = ep_alloc(sizeof(kerberos_key_t));
actx->value_ptr = key;
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
key->keytype);
#.FN_BODY EncryptionKey/keyvalue
kerberos_key_t* key = (kerberos_key_t*)actx->value_ptr;
if (key != NULL) {
key->keylength = tvb_length_remaining(tvb, offset);
key->keyvalue = tvb_get_ptr(tvb, offset, key->keylength);
}
%(DEFAULT_BODY)s
#.FN_BODY EncryptionKey
kerberos_key_t* key = (kerberos_key_t*)actx->value_ptr;
%(DEFAULT_BODY)s
if (key != NULL) {
add_encryption_key(actx->pinfo, key->keytype, key->keylength, key->keyvalue, "key");
}
#.FN_BODY AuthorizationData/_item/ad-type
actx->value_ptr = ep_alloc(sizeof(guint32));
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
actx->value_ptr);
#.FN_BODY AuthorizationData/_item/ad-data
guint32 adtype = 0;
if (actx->value_ptr) {
adtype = *((guint32*)actx->value_ptr);
}
switch(adtype){
case KRB5_AD_IF_RELEVANT:
offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_IF_RELEVANT);
break;
default:
offset=dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
}
#.FN_BODY HostAddress/addr-type
actx->value_ptr = ep_alloc(sizeof(guint32));
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
actx->value_ptr);
#.FN_BODY KDC-REQ-BODY
conversation_t *conversation;
/*
* UDP replies to KDC_REQs are sent from the server back to the client's
* source port, similar to the way TFTP works. Set up a conversation
* accordingly.
*
* Ref: Section 7.2.1 of
* http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-clarifications-07.txt
*/
if (actx->pinfo->destport == UDP_PORT_KERBEROS && actx->pinfo->ptype == PT_UDP) {
conversation = find_conversation(actx->pinfo->fd->num, &actx->pinfo->src, &actx->pinfo->dst, PT_UDP,
actx->pinfo->srcport, 0, NO_PORT_B);
if (conversation == NULL) {
conversation = conversation_new(actx->pinfo->fd->num, &actx->pinfo->src, &actx->pinfo->dst, PT_UDP,
actx->pinfo->srcport, 0, NO_PORT2);
conversation_set_dissector(conversation, kerberos_handle_udp);
}
}
%(DEFAULT_BODY)s
#.FN_BODY KRB-SAFE-BODY/user-data
tvbuff_t *new_tvb;
offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb);
if (new_tvb) {
call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_SAFE_USER_DATA);
}
#.FN_BODY EncKrbPrivPart/user-data
tvbuff_t *new_tvb;
offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb);
if (new_tvb) {
call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_PRIV_USER_DATA);
}

1069
asn1/kerberos/packet-kerberos-template.c
View File

File diff suppressed because it is too large Load Diff

14
asn1/kerberos/packet-kerberos-template.h
View File

@ -23,8 +23,10 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef PACKET_KERBEROS_H
#define PACKET_KERBEROS_H
#ifndef __PACKET_KERBEROS_H
#define __PACKET_KERBEROS_H
#include "ws_symbol_export.h"
/* This is a list of callback functions a caller can use to specify that
octet strings in kerberos to be passed back to application specific
@ -81,8 +83,7 @@ extern enc_key_t *enc_key_list;
guint8 *
decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
int usage,
int length,
const guint8 *cryptotext,
tvbuff_t *crypototvb,
int keytype,
int *datalen);
@ -90,11 +91,14 @@ decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
extern gboolean krb_decrypt;
WS_DLL_PUBLIC
void read_keytab_file_from_preferences(void);
#endif /* HAVE_KERBEROS */
#include "packet-kerberos-exp.h"
#endif /* PACKET_KERBEROS_H */
#endif /* __PACKET_KERBEROS_H */