# credssp.cnf
# Credential Security Support Provider (CredSSP) conformance file

#.PDU
TSRequest

#.FN_PARS TSRequest/version VAL_PTR = &credssp_ver

#.FN_BODY TSRequest/authInfo VAL_PTR = &auth_tvb
	tvbuff_t *auth_tvb = NULL;
	tvbuff_t *decr_tvb = NULL;
	gssapi_encrypt_info_t gssapi_encrypt;

	%(DEFAULT_BODY)s

	memset(&gssapi_encrypt, 0, sizeof(gssapi_encrypt));
	gssapi_encrypt.decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL;
	call_dissector_with_data(gssapi_wrap_handle, auth_tvb, actx->pinfo, tree, &gssapi_encrypt);
	decr_tvb = gssapi_encrypt.gssapi_decrypted_tvb;

	if(decr_tvb != NULL)
		dissect_credssp_TSCredentials(FALSE, decr_tvb, 0, actx, tree, hf_credssp_TSCredentials);

#.FN_BODY TSRequest/pubKeyAuth VAL_PTR = &auth_tvb
	tvbuff_t *auth_tvb = NULL;
	tvbuff_t *decr_tvb = NULL;
	gssapi_encrypt_info_t gssapi_encrypt;

	%(DEFAULT_BODY)s

	memset(&gssapi_encrypt, 0, sizeof(gssapi_encrypt));
	gssapi_encrypt.decrypt_gssapi_tvb=DECRYPT_GSSAPI_NORMAL;
	call_dissector_with_data(gssapi_wrap_handle, auth_tvb, actx->pinfo, tree, &gssapi_encrypt);
	decr_tvb = gssapi_encrypt.gssapi_decrypted_tvb;

	if(decr_tvb != NULL)
		proto_tree_add_item(tree, hf_credssp_decr_PublicKeyAuth, decr_tvb, 0, -1, ENC_NA);

#.FN_BODY TSRequest/errorCode

	if (credssp_ver < 3) {
		return 0;
	}

	%(DEFAULT_BODY)s


#.FN_BODY TSRequest/clientNonce

	if (credssp_ver < 5) {
		return 0;
	}

	%(DEFAULT_BODY)s


#.FN_PARS TSCredentials/credType VAL_PTR = &creds_type
#.FN_PARS TSCredentials/credentials VAL_PTR = &creds_tvb

#.FN_BODY TSCredentials/credentials
	tvbuff_t *creds_tvb = NULL;

	%(DEFAULT_BODY)s

	switch(creds_type) {
	case TS_PASSWORD_CREDS:
		dissect_credssp_TSPasswordCreds(FALSE, creds_tvb, 0, actx, tree, hf_credssp_TSPasswordCreds);
		break;
	case TS_SMARTCARD_CREDS:
		dissect_credssp_TSSmartCardCreds(FALSE, creds_tvb, 0, actx, tree, hf_credssp_TSSmartCardCreds);
		break;
	case TS_REMOTEGUARD_CREDS:
		dissect_credssp_TSRemoteGuardCreds(FALSE, creds_tvb, 0, actx, tree, hf_credssp_TSRemoteGuardCreds);
		break;
	}


#.FN_PARS NegoData/_item/negoToken VAL_PTR = &token_tvb

#.FN_BODY NegoData/_item/negoToken
	tvbuff_t *token_tvb = NULL;

	%(DEFAULT_BODY)s

	if(token_tvb != NULL)
		call_dissector(gssapi_handle, token_tvb, actx->pinfo, tree);


#.TYPE_ATTR
TSRemoteGuardPackageCred/packageName TYPE = FT_STRING DISPLAY = BASE_NONE STRINGS = NULL

#.FN_BODY TSRemoteGuardPackageCred/packageName VAL_PTR = &pname
	tvbuff_t *pname = NULL;

	offset = dissect_ber_octet_string(implicit_tag, actx, NULL, tvb, offset, hf_index, &pname);

	if(pname != NULL) {
		gint nlen = tvb_captured_length(pname);

		if (nlen == sizeof(kerberos_pname) && memcmp(tvb_get_ptr(pname, 0, nlen), kerberos_pname, nlen) == 0) {
			credssp_TS_RGC_package = TS_RGC_KERBEROS;
		} else if (nlen == sizeof(ntlm_pname) && memcmp(tvb_get_ptr(pname, 0, nlen), ntlm_pname, nlen) == 0) {
			credssp_TS_RGC_package = TS_RGC_NTLM;
		}
		proto_tree_add_item(tree, hf_index, pname, 0, -1, ENC_UTF_16|ENC_LITTLE_ENDIAN);
	}

#.FN_BODY TSRemoteGuardPackageCred/credBuffer VAL_PTR = &creds
	tvbuff_t *creds= NULL;
	proto_tree *subtree;

	%(DEFAULT_BODY)s

	if (!creds)
		return offset;

	switch(credssp_TS_RGC_package) {
	case TS_RGC_KERBEROS:
		subtree = proto_item_add_subtree(actx->created_item, ett_credssp_RGC_CredBuffer);
		dissect_kerberos_KERB_TICKET_LOGON(creds, 0, actx, subtree);
		break;
	case TS_RGC_NTLM:
		subtree = proto_item_add_subtree(actx->created_item, ett_credssp_RGC_CredBuffer);
		dissect_ntlmssp_NTLM_REMOTE_SUPPLEMENTAL_CREDENTIAL(creds, 0, subtree);
		break;
	}

#.END