# kerberos.cnf # kerberos conformation file # Copyright 2008 Anders Broman #.EXPORTS ChangePasswdData Applications ONLY_ENUM TGT-REQ TGT-REP #.FIELD_RENAME Authenticator/_untag/subkey authenticator_subkey KDC-REQ-BODY/etype kDC-REQ-BODY_etype KRB-SAFE-BODY/user-data kRB-SAFE-BODY_user_data EncKrbPrivPart/user-data encKrbPrivPart_user_data EncryptedTicketData/cipher encryptedTicketData_cipher EncryptedAuthenticator/cipher encryptedAuthenticator_cipher EncryptedAuthorizationData/cipher encryptedAuthorizationData_cipher EncryptedKDCREPData/cipher encryptedKDCREPData_cipher PA-ENC-TIMESTAMP/cipher pA-ENC-TIMESTAMP_cipher EncryptedAPREPData/cipher encryptedAPREPData_cipher EncryptedKrbPrivData/cipher encryptedKrbPrivData_cipher EncryptedKrbCredData/cipher encryptedKrbCredData_cipher EncryptedKrbFastReq/cipher encryptedKrbFastReq_cipher EncryptedKrbFastResponse/cipher encryptedKrbFastResponse_cipher EncryptedChallenge/cipher encryptedChallenge_cipher EncAPRepPart/_untag/subkey encAPRepPart_subkey EncTicketPart/_untag/key encTicketPart_key EncKDCRepPart/key encKDCRepPart_key KRB-CRED/_untag/enc-part kRB_CRED_enc_part KRB-PRIV/_untag/enc-part kRB_PRIV_enc_part KrbCredInfo/key krbCredInfo_key AP-REP/_untag/enc-part aP_REP_enc_part KDC-REP/enc-part kDC_REP_enc_part KDC-REP/padata rEP_SEQUENCE_OF_PA_DATA KDC-REQ/padata rEQ_SEQUENCE_OF_PA_DATA Ticket/_untag/enc-part ticket_enc_part ETYPE-INFO-ENTRY/salt info_salt ETYPE-INFO2-ENTRY/salt info2_salt AP-REQ/_untag/authenticator authenticator_enc_part PA-FX-FAST-REQUEST/armored-data armored_data_request PA-FX-FAST-REPLY/armored-data armored_data_reply PA-KERB-KEY-LIST-REP/_item kerbKeyListRep_key #.FIELD_ATTR KDC-REQ-BODY/etype ABBREV=kdc-req-body.etype ETYPE-INFO-ENTRY/salt ABBREV=info_salt ETYPE-INFO2-ENTRY/salt ABBREV=info2_salt PA-KERB-KEY-LIST-REP/_item ABBREV=kerbKeyListRep.key NAME="key" #.OMIT_ASSIGNMENT AD-AND-OR AD-KDCIssued AD-LoginAlias AD-MANDATORY-FOR-KDC ChangePasswdDataMS EncryptedData EtypeList FastOptions KerberosFlags KrbFastFinished KrbFastResponse KrbFastReq KRB5SignedPath KRB5SignedPathData KRB5SignedPathPrincipals Krb5int32 Krb5uint32 PA-AUTHENTICATION-SET PA-ClientCanonicalized PA-ClientCanonicalizedNames PA-ENC-TS-ENC PA-ENC-SAM-RESPONSE-ENC PA-SAM-CHALLENGE-2 PA-SAM-CHALLENGE-2-BODY PA-SAM-REDIRECT PA-SAM-RESPONSE-2 PA-SAM-TYPE PA-SERVER-REFERRAL-DATA PA-ServerReferralData PA-SvrReferralData Principal PROV-SRV-LOCATION SAMFlags TYPED-DATA #.NO_EMIT ONLY_VALS Applications PA-FX-FAST-REPLY PA-FX-FAST-REQUEST #.MAKE_DEFINES ADDR-TYPE TYPE_PREFIX Applications TYPE_PREFIX #.MAKE_ENUM PADATA-TYPE PROT_PREFIX UPPER_CASE AUTHDATA-TYPE PROT_PREFIX UPPER_CASE KrbFastArmorTypes PROT_PREFIX UPPER_CASE #.FN_BODY MESSAGE-TYPE VAL_PTR = &msgtype kerberos_private_data_t *private_data = kerberos_get_private_data(actx); guint32 msgtype; %(DEFAULT_BODY)s #.FN_FTR MESSAGE-TYPE if (gbl_do_col_info) { col_add_str(actx->pinfo->cinfo, COL_INFO, val_to_str(msgtype, krb5_msg_types, "Unknown msg type %#x")); } gbl_do_col_info=FALSE; ##if 0 /* append the application type to the tree */ proto_item_append_text(tree, " %s", val_to_str(msgtype, krb5_msg_types, "Unknown:0x%x")); ##endif if (private_data->msg_type == 0) { private_data->msg_type = msgtype; } #.FN_BODY ERROR-CODE VAL_PTR = &private_data->errorcode kerberos_private_data_t *private_data = kerberos_get_private_data(actx); %(DEFAULT_BODY)s #.FN_FTR ERROR-CODE if (private_data->errorcode) { col_add_fstr(actx->pinfo->cinfo, COL_INFO, "KRB Error: %s", val_to_str(private_data->errorcode, krb5_error_codes, "Unknown error code %#x")); } #.END #.FN_BODY KRB-ERROR/_untag/e-data kerberos_private_data_t *private_data = kerberos_get_private_data(actx); switch (private_data->errorcode) { case KRB5_ET_KRB5KDC_ERR_BADOPTION: case KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED: case KRB5_ET_KRB5KDC_ERR_KEY_EXP: case KRB5_ET_KRB5KDC_ERR_POLICY: /* ms windows kdc sends e-data of this type containing a "salt" * that contains the nt_status code for these error codes. */ private_data->try_nt_status = TRUE; offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_kerberos_e_data, dissect_kerberos_PA_DATA); break; case KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED: case KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED: case KRB5_ET_KRB5KDC_ERR_ETYPE_NOSUPP: case KRB5_ET_KDC_ERR_WRONG_REALM: case KRB5_ET_KDC_ERR_PREAUTH_EXPIRED: case KRB5_ET_KDC_ERR_MORE_PREAUTH_DATA_REQUIRED: case KRB5_ET_KDC_ERR_PREAUTH_BAD_AUTHENTICATION_SET: case KRB5_ET_KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS: offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_kerberos_e_data, dissect_kerberos_T_rEP_SEQUENCE_OF_PA_DATA); break; default: offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_kerberos_e_data, NULL); break; } #.FN_BODY PADATA-TYPE VAL_PTR=&(private_data->padata_type) kerberos_private_data_t* private_data = kerberos_get_private_data(actx); %(DEFAULT_BODY)s #.FN_FTR PADATA-TYPE if(tree){ proto_item_append_text(tree, " %s", val_to_str(private_data->padata_type, kerberos_PADATA_TYPE_vals, "Unknown:%d")); } #.FN_BODY KDC-REQ/padata kerberos_private_data_t* private_data = kerberos_get_private_data(actx); struct _kerberos_PA_FX_FAST_REQUEST saved_stack = private_data->PA_FX_FAST_REQUEST; /* * we need to defer calling dissect_kerberos_PA_FX_FAST_REQUEST, * see dissect_kerberos_defer_PA_FX_FAST_REQUEST() */ private_data->PA_FX_FAST_REQUEST = (struct _kerberos_PA_FX_FAST_REQUEST) { .defer = TRUE, }; %(DEFAULT_BODY)s if (private_data->PA_FX_FAST_REQUEST.tvb != NULL) { struct _kerberos_PA_FX_FAST_REQUEST used_stack = private_data->PA_FX_FAST_REQUEST; private_data->PA_FX_FAST_REQUEST = (struct _kerberos_PA_FX_FAST_REQUEST) { .defer = FALSE, }; /* * dissect_kerberos_defer_PA_FX_FAST_REQUEST() remembered * a tvb, so replay dissect_kerberos_PA_FX_FAST_REQUEST() * here. */ dissect_kerberos_PA_FX_FAST_REQUEST(FALSE, used_stack.tvb, 0, actx, used_stack.tree, -1); } private_data->PA_FX_FAST_REQUEST = saved_stack; #.FN_BODY KDC-REP/padata %(DEFAULT_BODY)s #.FN_BODY PA-DATA/padata-value proto_tree *sub_tree=tree; kerberos_private_data_t* private_data = kerberos_get_private_data(actx); if(actx->created_item){ sub_tree=proto_item_add_subtree(actx->created_item, ett_kerberos_PA_DATA); } switch(private_data->padata_type){ case KERBEROS_PA_TGS_REQ: private_data->within_PA_TGS_REQ++; offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Applications); private_data->within_PA_TGS_REQ--; break; case KERBEROS_PA_PK_AS_REP_19: private_data->is_win2k_pkinit = TRUE; if (kerberos_private_is_kdc_req(private_data)) { offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PA_PK_AS_REQ_Win2k); } else { offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PA_PK_AS_REP_Win2k); } break; case KERBEROS_PA_PK_AS_REQ: offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PaPkAsReq); break; case KERBEROS_PA_PK_AS_REP: offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PaPkAsRep); break; case KERBEROS_PA_PAC_REQUEST: offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_PAC_REQUEST); break; case KERBEROS_PA_FOR_USER: /* S4U2SELF */ offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_S4U2Self); break; case KERBEROS_PA_FOR_X509_USER: if(private_data->msg_type == KRB5_MSG_AS_REQ){ offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_x509af_Certificate); }else if(private_data->is_enc_padata){ offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, NULL); }else{ offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_S4U_X509_USER); } break; case KERBEROS_PA_PROV_SRV_LOCATION: offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_krb5_PA_PROV_SRV_LOCATION); break; case KERBEROS_PA_ENC_TIMESTAMP: offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_ENC_TIMESTAMP); break; case KERBEROS_PA_ETYPE_INFO: offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_ETYPE_INFO); break; case KERBEROS_PA_ETYPE_INFO2: offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_ETYPE_INFO2); break; case KERBEROS_PA_PW_SALT: offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_krb5_PW_SALT); break; case KERBEROS_PA_AUTH_SET_SELECTED: offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_AUTHENTICATION_SET_ELEM); break; case KERBEROS_PA_FX_FAST: if (kerberos_private_is_kdc_req(private_data)) { offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_defer_PA_FX_FAST_REQUEST); }else{ offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_FX_FAST_REPLY); } break; case KERBEROS_PA_FX_ERROR: offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Applications); break; case KERBEROS_PA_ENCRYPTED_CHALLENGE: offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_EncryptedChallenge); break; case KERBEROS_PA_KERB_KEY_LIST_REQ: offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset, hf_index, dissect_kerberos_PA_KERB_KEY_LIST_REQ); break; case KERBEROS_PA_KERB_KEY_LIST_REP: offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset, hf_index, dissect_kerberos_PA_KERB_KEY_LIST_REP); break; case KERBEROS_PA_SUPPORTED_ETYPES: offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_SUPPORTED_ENCTYPES); break; case KERBEROS_PA_PAC_OPTIONS: offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset, hf_index, dissect_kerberos_PA_PAC_OPTIONS); break; case KERBEROS_PA_REQ_ENC_PA_REP: offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Checksum); break; case KERBEROS_PA_SPAKE: offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_SPAKE); break; default: offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, NULL); break; } #.FN_BODY HostAddress/address gint8 appclass; bool pc; gint32 tag; guint32 len; const char *address_str; proto_item *it=NULL; kerberos_private_data_t *private_data = kerberos_get_private_data(actx); /* read header and len for the octet string */ offset=dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &appclass, &pc, &tag); offset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL); switch(private_data->addr_type){ case KERBEROS_ADDR_TYPE_IPV4: it=proto_tree_add_item(tree, hf_krb_address_ip, tvb, offset, 4, ENC_BIG_ENDIAN); address_str = tvb_ip_to_str(actx->pinfo->pool, tvb, offset); break; case KERBEROS_ADDR_TYPE_NETBIOS: { char netbios_name[(NETBIOS_NAME_LEN - 1)*4 + 1]; int netbios_name_type; int netbios_name_len = (NETBIOS_NAME_LEN - 1)*4 + 1; netbios_name_type = process_netbios_name(tvb_get_ptr(tvb, offset, 16), netbios_name, netbios_name_len); address_str = wmem_strdup_printf(actx->pinfo->pool, "%s<%02x>", netbios_name, netbios_name_type); it=proto_tree_add_string_format(tree, hf_krb_address_netbios, tvb, offset, 16, netbios_name, "NetBIOS Name: %s (%s)", address_str, netbios_name_type_descr(netbios_name_type)); } break; case KERBEROS_ADDR_TYPE_IPV6: it=proto_tree_add_item(tree, hf_krb_address_ipv6, tvb, offset, INET6_ADDRLEN, ENC_NA); address_str = tvb_ip6_to_str(actx->pinfo->pool, tvb, offset); break; default: proto_tree_add_expert(tree, actx->pinfo, &ei_kerberos_address, tvb, offset, len); address_str = NULL; break; } /* push it up two levels in the decode pane */ if(it && address_str){ proto_item_append_text(proto_item_get_parent(it), " %s",address_str); proto_item_append_text(proto_item_get_parent_nth(it, 2), " %s",address_str); } offset+=len; #.TYPE_ATTR #xxx TYPE = FT_UINT16 DISPLAY = BASE_DEC STRINGS = VALS(xx_vals) #.FN_BODY ENCTYPE VAL_PTR=&(private_data->etype) kerberos_private_data_t *private_data = kerberos_get_private_data(actx); %(DEFAULT_BODY)s #.FN_BODY EncryptedTicketData/cipher ##ifdef HAVE_KERBEROS offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_ticket_data); ##else %(DEFAULT_BODY)s ##endif #.FN_BODY EncryptedAuthorizationData/cipher ##ifdef HAVE_KERBEROS offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_authorization_data); ##else %(DEFAULT_BODY)s ##endif #.FN_BODY EncryptedAuthenticator/cipher ##ifdef HAVE_KERBEROS offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_authenticator_data); ##else %(DEFAULT_BODY)s ##endif #.FN_BODY EncryptedKDCREPData/cipher ##ifdef HAVE_KERBEROS offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KDC_REP_data); ##else %(DEFAULT_BODY)s ##endif #.FN_BODY PA-ENC-TIMESTAMP/cipher ##ifdef HAVE_KERBEROS offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PA_ENC_TIMESTAMP); ##else %(DEFAULT_BODY)s ##endif #.FN_BODY EncryptedAPREPData/cipher ##ifdef HAVE_KERBEROS offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_AP_REP_data); ##else %(DEFAULT_BODY)s ##endif #.FN_BODY EncryptedKrbPrivData/cipher ##ifdef HAVE_KERBEROS offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PRIV_data); ##else %(DEFAULT_BODY)s ##endif #.FN_BODY EncryptedKrbCredData/cipher ##ifdef HAVE_KERBEROS offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_CRED_data); ##else %(DEFAULT_BODY)s ##endif #.FN_BODY CKSUMTYPE VAL_PTR=&(private_data->checksum_type) kerberos_private_data_t *private_data = kerberos_get_private_data(actx); %(DEFAULT_BODY)s #.FN_BODY Checksum/checksum tvbuff_t *next_tvb; kerberos_private_data_t *private_data = kerberos_get_private_data(actx); switch(private_data->checksum_type){ case KRB5_CHKSUM_GSSAPI: offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &next_tvb); dissect_krb5_rfc1964_checksum(actx, tree, next_tvb); break; default: offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, NULL); break; } #.FN_BODY EncryptionKey/keytype VAL_PTR=&gbl_keytype kerberos_private_data_t *private_data = kerberos_get_private_data(actx); private_data->key_hidden_item = proto_tree_add_item(tree, hf_krb_key_hidden_item, tvb, 0, 0, ENC_NA); if (private_data->key_hidden_item != NULL) { proto_item_set_hidden(private_data->key_hidden_item); } offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, &gbl_keytype); private_data->key.keytype = gbl_keytype; #.FN_BODY EncryptionKey/keyvalue VAL_PTR=&out_tvb tvbuff_t *out_tvb; kerberos_private_data_t *private_data = kerberos_get_private_data(actx); %(DEFAULT_BODY)s private_data->key.keylength = tvb_reported_length(out_tvb); private_data->key.keyvalue = tvb_get_ptr(out_tvb, 0, private_data->key.keylength); private_data->key_tree = tree; private_data->key_tvb = out_tvb; #.FN_BODY EncryptionKey kerberos_private_data_t *private_data = kerberos_get_private_data(actx); ##ifdef HAVE_KERBEROS int start_offset = offset; ##endif %(DEFAULT_BODY)s if (private_data->key.keytype != 0 && private_data->key.keylength > 0) { ##ifdef HAVE_KERBEROS int length = offset - start_offset; private_data->last_added_key = NULL; private_data->save_encryption_key_fn(tvb, start_offset, length, actx, tree, private_data->save_encryption_key_parent_hf_index, hf_index); private_data->last_added_key = NULL; ##endif } #.FN_BODY Authenticator/_untag/subkey kerberos_private_data_t *private_data = kerberos_get_private_data(actx); gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index; kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn; private_data->save_encryption_key_parent_hf_index = hf_kerberos_authenticator; ##ifdef HAVE_KERBEROS private_data->save_encryption_key_fn = save_Authenticator_subkey; ##endif %(DEFAULT_BODY)s private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index; private_data->save_encryption_key_fn = saved_encryption_key_fn; #.FN_BODY EncAPRepPart/_untag/subkey kerberos_private_data_t *private_data = kerberos_get_private_data(actx); gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index; kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn; private_data->save_encryption_key_parent_hf_index = hf_kerberos_encAPRepPart; ##ifdef HAVE_KERBEROS private_data->save_encryption_key_fn = save_EncAPRepPart_subkey; ##endif %(DEFAULT_BODY)s private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index; private_data->save_encryption_key_fn = saved_encryption_key_fn; #.FN_BODY EncKDCRepPart/key kerberos_private_data_t *private_data = kerberos_get_private_data(actx); gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index; kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn; switch (private_data->msg_type) { case KERBEROS_APPLICATIONS_AS_REP: private_data->save_encryption_key_parent_hf_index = hf_kerberos_encASRepPart; break; case KERBEROS_APPLICATIONS_TGS_REP: private_data->save_encryption_key_parent_hf_index = hf_kerberos_encTGSRepPart; break; default: private_data->save_encryption_key_parent_hf_index = -1; } ##ifdef HAVE_KERBEROS private_data->save_encryption_key_fn = save_EncKDCRepPart_key; ##endif %(DEFAULT_BODY)s private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index; private_data->save_encryption_key_fn = saved_encryption_key_fn; #.FN_BODY EncTicketPart/_untag/key kerberos_private_data_t *private_data = kerberos_get_private_data(actx); gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index; kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn; private_data->save_encryption_key_parent_hf_index = hf_kerberos_encTicketPart; ##ifdef HAVE_KERBEROS private_data->save_encryption_key_fn = save_EncTicketPart_key; ##endif %(DEFAULT_BODY)s private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index; private_data->save_encryption_key_fn = saved_encryption_key_fn; #.FN_BODY KrbCredInfo/key kerberos_private_data_t *private_data = kerberos_get_private_data(actx); gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index; kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn; private_data->save_encryption_key_parent_hf_index = hf_kerberos_ticket_info_item; ##ifdef HAVE_KERBEROS private_data->save_encryption_key_fn = save_KrbCredInfo_key; ##endif %(DEFAULT_BODY)s private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index; private_data->save_encryption_key_fn = saved_encryption_key_fn; #.FN_BODY PA-KERB-KEY-LIST-REP/_item kerberos_private_data_t *private_data = kerberos_get_private_data(actx); gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index; kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn; private_data->save_encryption_key_parent_hf_index = hf_kerberos_kerbKeyListRep_key; ##ifdef HAVE_KERBEROS private_data->save_encryption_key_fn = save_encryption_key; ##endif %(DEFAULT_BODY)s private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index; private_data->save_encryption_key_fn = saved_encryption_key_fn; #.FN_BODY AUTHDATA-TYPE VAL_PTR=&(private_data->ad_type) kerberos_private_data_t *private_data = kerberos_get_private_data(actx); %(DEFAULT_BODY)s #.FN_BODY AuthorizationData/_item/ad-data kerberos_private_data_t *private_data = kerberos_get_private_data(actx); switch(private_data->ad_type){ case KERBEROS_AD_WIN2K_PAC: offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_krb5_AD_WIN2K_PAC); break; case KERBEROS_AD_IF_RELEVANT: offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_IF_RELEVANT); break; case KERBEROS_AD_AUTHENTICATION_STRENGTH: offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_PA_AUTHENTICATION_SET_ELEM); break; case KERBEROS_AD_GSS_API_ETYPE_NEGOTIATION: offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_SEQUENCE_OF_ENCTYPE); break; case KERBEROS_AD_TOKEN_RESTRICTIONS: offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_KERB_AD_RESTRICTION_ENTRY); break; case KERBEROS_AD_AP_OPTIONS: offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_AP_OPTIONS); break; case KERBEROS_AD_TARGET_PRINCIPAL: offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_TARGET_PRINCIPAL); break; default: offset=dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, NULL); break; } #.FN_BODY S4UUserID/subject-certificate offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset,hf_index, dissect_x509af_Certificate); #.FN_BODY ADDR-TYPE VAL_PTR=&(private_data->addr_type) kerberos_private_data_t *private_data = kerberos_get_private_data(actx); %(DEFAULT_BODY)s #.FN_BODY KDC-REQ-BODY conversation_t *conversation; /* * UDP replies to KDC_REQs are sent from the server back to the client's * source port, similar to the way TFTP works. Set up a conversation * accordingly. * * Ref: Section 7.2.1 of * http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-clarifications-07.txt */ if (actx->pinfo->destport == UDP_PORT_KERBEROS && actx->pinfo->ptype == PT_UDP) { conversation = find_conversation(actx->pinfo->num, &actx->pinfo->src, &actx->pinfo->dst, CONVERSATION_UDP, actx->pinfo->srcport, 0, NO_PORT_B); if (conversation == NULL) { conversation = conversation_new(actx->pinfo->num, &actx->pinfo->src, &actx->pinfo->dst, CONVERSATION_UDP, actx->pinfo->srcport, 0, NO_PORT2); conversation_set_dissector(conversation, kerberos_handle_udp); } } %(DEFAULT_BODY)s #.FN_BODY KRB-SAFE-BODY/user-data kerberos_private_data_t* private_data = kerberos_get_private_data(actx); tvbuff_t *new_tvb; offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb); if (new_tvb) { call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_SAFE_USER_DATA, private_data->callbacks); } #.FN_BODY EncKrbPrivPart/user-data kerberos_private_data_t* private_data = kerberos_get_private_data(actx); tvbuff_t *new_tvb; offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb); if (new_tvb) { call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_PRIV_USER_DATA, private_data->callbacks); } #.FN_HDR EncKDCRepPart/encrypted-pa-data kerberos_private_data_t* private_data = kerberos_get_private_data(actx); private_data->is_enc_padata = TRUE; #.FN_FTR EncKDCRepPart/encrypted-pa-data private_data->is_enc_padata = FALSE; #.FN_BODY EncryptedKrbFastReq/cipher ##ifdef HAVE_KERBEROS offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KrbFastReq); ##else %(DEFAULT_BODY)s ##endif #.FN_BODY EncryptedKrbFastResponse/cipher ##ifdef HAVE_KERBEROS offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KrbFastResponse); ##else %(DEFAULT_BODY)s ##endif #.FN_BODY EncryptedChallenge/cipher ##ifdef HAVE_KERBEROS offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_EncryptedChallenge); ##else %(DEFAULT_BODY)s ##endif #.FN_BODY KrbFastArmorTypes VAL_PTR=&(private_data->fast_type) kerberos_private_data_t *private_data = kerberos_get_private_data(actx); %(DEFAULT_BODY)s #.FN_BODY KrbFastArmor/armor-value kerberos_private_data_t *private_data = kerberos_get_private_data(actx); switch(private_data->fast_type){ case KERBEROS_FX_FAST_ARMOR_AP_REQUEST: private_data->fast_armor_within_armor_value++; offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_Applications); private_data->fast_armor_within_armor_value--; break; default: offset=dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, NULL); break; } #.FN_BODY PA-SPAKE VAL_PTR=&(private_data->padata_type) kerberos_private_data_t* private_data = kerberos_get_private_data(actx); %(DEFAULT_BODY)s #.FN_FTR PA-SPAKE if(tree){ proto_item_append_text(tree, " %s", val_to_str(private_data->padata_type, kerberos_PA_SPAKE_vals, "Unknown:%d")); }