1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
|
/* Do not modify this file. Changes will be overwritten. */
/* Generated automatically by the ASN.1 to Wireshark dissector compiler */
/* packet-kerberos.h */
/* asn2wrs.py -b -q -L -p kerberos -c ./kerberos.cnf -s ./packet-kerberos-template -D . -O ../.. KerberosV5Spec2.asn k5.asn RFC3244.asn RFC6113.asn SPAKE.asn */
/* packet-kerberos.h
* Routines for kerberos packet dissection
* Copyright 2007, Anders Broman <anders.broman@ericsson.com>
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* SPDX-License-Identifier: GPL-2.0-or-later
*/
#ifndef __PACKET_KERBEROS_H
#define __PACKET_KERBEROS_H
#include "ws_symbol_export.h"
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
#ifndef KRB5_KU_USAGE_ACCEPTOR_SEAL
#define KRB5_KU_USAGE_ACCEPTOR_SEAL 22
#endif
#ifndef KRB5_KU_USAGE_ACCEPTOR_SIGN
#define KRB5_KU_USAGE_ACCEPTOR_SIGN 23
#endif
#ifndef KRB5_KU_USAGE_INITIATOR_SEAL
#define KRB5_KU_USAGE_INITIATOR_SEAL 24
#endif
#ifndef KRB5_KU_USAGE_INITIATOR_SIGN
#define KRB5_KU_USAGE_INITIATOR_SIGN 25
#endif
/* This is a list of callback functions a caller can use to specify that
octet strings in kerberos to be passed back to application specific
dissectors, outside of kerberos.
This is used for dissection of application specific data for PacketCable
KRB_SAFE user data and eventually to pass kerberos session keys
to future DCERPC decryption and other uses.
The list is terminated by {0, NULL }
*/
#define KRB_CBTAG_SAFE_USER_DATA 1
#define KRB_CBTAG_PRIV_USER_DATA 2
typedef struct _kerberos_callbacks {
int tag;
int (*callback)(packet_info *pinfo, tvbuff_t *tvb, proto_tree *tree);
} kerberos_callbacks;
/* Function prototypes */
bool
kerberos_is_win2k_pkinit(asn1_ctx_t *actx);
int
dissect_kerberos_main(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, bool do_col_info, kerberos_callbacks *cb);
int
dissect_krb5_Checksum(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
int
dissect_krb5_ctime(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
int dissect_krb5_cname(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
int dissect_krb5_realm(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_);
uint32_t kerberos_output_keytype(void);
unsigned get_krb_pdu_len(packet_info *, tvbuff_t *tvb, int offset, void *data _U_);
int kerberos_rm_to_reclen(unsigned krb_rm);
void
show_krb_recordmark(proto_tree *tree, tvbuff_t *tvb, int start, uint32_t krb_rm);
int
dissect_kerberos_KERB_TICKET_LOGON(tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree);
#ifdef HAVE_KERBEROS
#define KRB_MAX_ORIG_LEN 256
#define KRB_MAX_KEY_LENGTH 32
/*
* "18446744073709551615.18446744073709551615"
* sizeof("18446744073709551615") includes '\0',
* which is used once for '.' and then for '\0'.
*/
#define KRB_MAX_ID_STR_LEN (sizeof("18446744073709551615")*2)
#if defined(HAVE_HEIMDAL_KERBEROS) || defined(HAVE_MIT_KERBEROS)
typedef struct _enc_key_t {
struct _enc_key_t *next;
int keytype;
int keylength;
uint8_t keyvalue[KRB_MAX_KEY_LENGTH];
char key_origin[KRB_MAX_ORIG_LEN+1];
int fd_num; /* remember where we learned a key */
unsigned id; /* a unique id of the key, relative to fd_num */
char id_str[KRB_MAX_ID_STR_LEN+1];
/* EncTicketPart_key */
bool is_ticket_key;
/* EncAPRepPart_subkey */
bool is_ap_rep_key;
/*
* for now taken from dissect_krb5_PAC_UPN_DNS_INFO,
* we could also use dissect_krb5_PAC_LOGON_INFO if needed
*
* we get device_sid from dissect_krb5_PAC_DEVICE_INFO if available.
*
* We remember these from the PAC and
* attach it to EncTicketPart_key so it
* might be valid if is_ticket_key is true.
*
* When learning a EncAPRepPart_subkey
* we copy the details from the EncTicketPart_key,
* so when is_ap_rep_key is true we may also have it.
*
* So application protocols like SMB2 could use the
* is_ap_rep_key=true key details in order to identify
* the authenticated user.
*/
struct {
const char *account_name;
const char *account_domain;
const char *account_sid;
const char *device_sid;
} pac_names;
struct _enc_key_t *same_list;
unsigned num_same;
struct _enc_key_t *src1;
struct _enc_key_t *src2;
} enc_key_t;
extern enc_key_t *enc_key_list;
extern wmem_map_t *kerberos_longterm_keys;
uint8_t *
decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
int usage,
tvbuff_t *crypototvb,
int keytype,
int *datalen);
tvbuff_t *
decrypt_krb5_krb_cfx_dce(proto_tree *tree,
packet_info *pinfo,
int usage,
int keytype,
tvbuff_t *gssapi_header_tvb,
tvbuff_t *gssapi_encrypted_tvb,
tvbuff_t *gssapi_trailer_tvb,
tvbuff_t *checksum_tvb);
#endif /* HAVE_HEIMDAL_KERBEROS || HAVE_MIT_KERBEROS */
extern bool krb_decrypt;
#endif /* HAVE_KERBEROS */
#ifdef __cplusplus
}
#endif /* __cplusplus */
/* enumerated values for Applications */
#define KERBEROS_APPLICATIONS_TICKET 1
#define KERBEROS_APPLICATIONS_AUTHENTICATOR 2
#define KERBEROS_APPLICATIONS_ENCTICKETPART 3
#define KERBEROS_APPLICATIONS_AS_REQ 10
#define KERBEROS_APPLICATIONS_AS_REP 11
#define KERBEROS_APPLICATIONS_TGS_REQ 12
#define KERBEROS_APPLICATIONS_TGS_REP 13
#define KERBEROS_APPLICATIONS_AP_REQ 14
#define KERBEROS_APPLICATIONS_AP_REP 15
#define KERBEROS_APPLICATIONS_KRB_SAFE 20
#define KERBEROS_APPLICATIONS_KRB_PRIV 21
#define KERBEROS_APPLICATIONS_KRB_CRED 22
#define KERBEROS_APPLICATIONS_ENCASREPPART 25
#define KERBEROS_APPLICATIONS_ENCTGSREPPART 26
#define KERBEROS_APPLICATIONS_ENCAPREPPART 27
#define KERBEROS_APPLICATIONS_ENCKRBPRIVPART 28
#define KERBEROS_APPLICATIONS_ENCKRBCREDPART 29
#define KERBEROS_APPLICATIONS_KRB_ERROR 30
int dissect_kerberos_TGT_REQ(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
int dissect_kerberos_TGT_REP(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
int dissect_kerberos_ChangePasswdData(bool implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
#endif /* __PACKET_KERBEROS_H */
|