summaryrefslogtreecommitdiffstats
path: root/epan/dissectors/packet-kerberos.h
diff options
context:
space:
mode:
Diffstat (limited to 'epan/dissectors/packet-kerberos.h')
-rw-r--r--epan/dissectors/packet-kerberos.h54
1 files changed, 41 insertions, 13 deletions
diff --git a/epan/dissectors/packet-kerberos.h b/epan/dissectors/packet-kerberos.h
index 8ecb13a6..6bd2f0f0 100644
--- a/epan/dissectors/packet-kerberos.h
+++ b/epan/dissectors/packet-kerberos.h
@@ -1,7 +1,7 @@
/* Do not modify this file. Changes will be overwritten. */
/* Generated automatically by the ASN.1 to Wireshark dissector compiler */
/* packet-kerberos.h */
-/* asn2wrs.py -b -L -p kerberos -c ./kerberos.cnf -s ./packet-kerberos-template -D . -O ../.. KerberosV5Spec2.asn k5.asn RFC3244.asn RFC6113.asn SPAKE.asn */
+/* asn2wrs.py -b -q -L -p kerberos -c ./kerberos.cnf -s ./packet-kerberos-template -D . -O ../.. KerberosV5Spec2.asn k5.asn RFC3244.asn RFC6113.asn SPAKE.asn */
/* packet-kerberos.h
* Routines for kerberos packet dissection
@@ -53,11 +53,11 @@ typedef struct _kerberos_callbacks {
/* Function prototypes */
-gboolean
+bool
kerberos_is_win2k_pkinit(asn1_ctx_t *actx);
-gint
-dissect_kerberos_main(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean do_col_info, kerberos_callbacks *cb);
+int
+dissect_kerberos_main(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, bool do_col_info, kerberos_callbacks *cb);
int
dissect_krb5_Checksum(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
@@ -67,14 +67,14 @@ dissect_krb5_ctime(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx
int dissect_krb5_cname(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
int dissect_krb5_realm(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
-guint32 kerberos_output_keytype(void);
+uint32_t kerberos_output_keytype(void);
-guint get_krb_pdu_len(packet_info *, tvbuff_t *tvb, int offset, void *data _U_);
+unsigned get_krb_pdu_len(packet_info *, tvbuff_t *tvb, int offset, void *data _U_);
-gint kerberos_rm_to_reclen(guint krb_rm);
+int kerberos_rm_to_reclen(unsigned krb_rm);
void
-show_krb_recordmark(proto_tree *tree, tvbuff_t *tvb, gint start, guint32 krb_rm);
+show_krb_recordmark(proto_tree *tree, tvbuff_t *tvb, int start, uint32_t krb_rm);
int
dissect_kerberos_KERB_TICKET_LOGON(tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree);
@@ -94,20 +94,48 @@ typedef struct _enc_key_t {
struct _enc_key_t *next;
int keytype;
int keylength;
- guint8 keyvalue[KRB_MAX_KEY_LENGTH];
+ uint8_t keyvalue[KRB_MAX_KEY_LENGTH];
char key_origin[KRB_MAX_ORIG_LEN+1];
int fd_num; /* remember where we learned a key */
- guint id; /* a unique id of the key, relative to fd_num */
+ unsigned id; /* a unique id of the key, relative to fd_num */
char id_str[KRB_MAX_ID_STR_LEN+1];
+ /* EncTicketPart_key */
+ bool is_ticket_key;
+ /* EncAPRepPart_subkey */
+ bool is_ap_rep_key;
+ /*
+ * for now taken from dissect_krb5_PAC_UPN_DNS_INFO,
+ * we could also use dissect_krb5_PAC_LOGON_INFO if needed
+ *
+ * we get device_sid from dissect_krb5_PAC_DEVICE_INFO if available.
+ *
+ * We remember these from the PAC and
+ * attach it to EncTicketPart_key so it
+ * might be valid if is_ticket_key is true.
+ *
+ * When learning a EncAPRepPart_subkey
+ * we copy the details from the EncTicketPart_key,
+ * so when is_ap_rep_key is true we may also have it.
+ *
+ * So application protocols like SMB2 could use the
+ * is_ap_rep_key=true key details in order to identify
+ * the authenticated user.
+ */
+ struct {
+ const char *account_name;
+ const char *account_domain;
+ const char *account_sid;
+ const char *device_sid;
+ } pac_names;
struct _enc_key_t *same_list;
- guint num_same;
+ unsigned num_same;
struct _enc_key_t *src1;
struct _enc_key_t *src2;
} enc_key_t;
extern enc_key_t *enc_key_list;
extern wmem_map_t *kerberos_longterm_keys;
-guint8 *
+uint8_t *
decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
int usage,
tvbuff_t *crypototvb,
@@ -126,7 +154,7 @@ decrypt_krb5_krb_cfx_dce(proto_tree *tree,
#endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */
-extern gboolean krb_decrypt;
+extern bool krb_decrypt;
#endif /* HAVE_KERBEROS */