diff options
| author | Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> | 2004-05-26 08:53:45 +0000 |
|---|---|---|
| committer | Ronnie Sahlberg <ronnie_sahlberg@ozemail.com.au> | 2004-05-26 08:53:45 +0000 |
| commit | 8451fe82d06b8d3b9c0c3f05a042bc1542522c01 (patch) | |
| tree | b075eed99892cd02427661996249e3cb33a80722 | |
| parent | 9b6feaee203ba96056c00801e4aee42915aa2a06 (diff) | |
implementation of the KRB_SAFE application
svn path=/trunk/; revision=11005
| -rw-r--r-- | packet-kerberos.c | 110 |
1 files changed, 109 insertions, 1 deletions
diff --git a/packet-kerberos.c b/packet-kerberos.c index 114aa1590c..3d5030b479 100644 --- a/packet-kerberos.c +++ b/packet-kerberos.c @@ -23,7 +23,7 @@ * * Some structures from RFC2630 * - * $Id: packet-kerberos.c,v 1.64 2004/05/25 02:59:14 guy Exp $ + * $Id: packet-kerberos.c,v 1.65 2004/05/26 08:53:45 sahlberg Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -112,6 +112,7 @@ static gint hf_krb_encrypted_KDC_REP_data = -1; static gint hf_krb_PA_DATA_type = -1; static gint hf_krb_PA_DATA_value = -1; static gint hf_krb_etype_info_salt = -1; +static gint hf_krb_SAFE_BODY_user_data = -1; static gint hf_krb_realm = -1; static gint hf_krb_crealm = -1; static gint hf_krb_sname = -1; @@ -125,6 +126,7 @@ static gint hf_krb_from = -1; static gint hf_krb_till = -1; static gint hf_krb_authtime = -1; static gint hf_krb_patimestamp = -1; +static gint hf_krb_SAFE_BODY_timestamp = -1; static gint hf_krb_pausec = -1; static gint hf_krb_lr_time = -1; static gint hf_krb_starttime = -1; @@ -136,6 +138,7 @@ static gint hf_krb_ctime = -1; static gint hf_krb_cusec = -1; static gint hf_krb_stime = -1; static gint hf_krb_susec = -1; +static gint hf_krb_SAFE_BODY_usec = -1; static gint hf_krb_nonce = -1; static gint hf_krb_transitedtype = -1; static gint hf_krb_transitedcontents = -1; @@ -168,6 +171,7 @@ static gint hf_krb_LastReq = -1; static gint hf_krb_Authenticator = -1; static gint hf_krb_Checksum = -1; static gint hf_krb_signedAuthPack = -1; +static gint hf_krb_s_address = -1; static gint hf_krb_HostAddress = -1; static gint hf_krb_HostAddresses = -1; static gint hf_krb_APOptions = -1; @@ -203,6 +207,8 @@ static gint hf_krb_KDCOptions_enc_tkt_in_skey = -1; static gint hf_krb_KDCOptions_renew = -1; static gint hf_krb_KDCOptions_validate = -1; static gint hf_krb_KDC_REQ_BODY = -1; +static gint hf_krb_SAFE = -1; +static gint hf_krb_SAFE_BODY = -1; static gint hf_krb_PRIV_BODY = -1; static gint hf_krb_ENC_PRIV = -1; static gint hf_krb_authenticator_enc = -1; @@ -235,6 +241,7 @@ static gint ett_krb_LastReqs = -1; static gint ett_krb_IF_RELEVANT = -1; static gint ett_krb_PA_DATA_tree = -1; static gint ett_krb_PAC = -1; +static gint ett_krb_s_address = -1; static gint ett_krb_HostAddress = -1; static gint ett_krb_HostAddresses = -1; static gint ett_krb_authenticator_enc = -1; @@ -245,6 +252,8 @@ static gint ett_krb_request = -1; static gint ett_krb_recordmark = -1; static gint ett_krb_ticket = -1; static gint ett_krb_ticket_enc = -1; +static gint ett_krb_SAFE = -1; +static gint ett_krb_SAFE_BODY = -1; static gint ett_krb_PRIV = -1; static gint ett_krb_PRIV_enc = -1; @@ -820,6 +829,7 @@ static int dissect_krb5_KDC_REQ(packet_info *pinfo, proto_tree *tree, tvbuff_t * static int dissect_krb5_KDC_REP(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset); static int dissect_krb5_AP_REQ(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset); static int dissect_krb5_AP_REP(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset); +static int dissect_krb5_SAFE(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset); static int dissect_krb5_PRIV(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset); static int dissect_krb5_ERROR(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset); @@ -835,6 +845,7 @@ static const ber_choice kerberos_applications_choice[] = { { KRB5_MSG_ENC_AS_REP_PART, BER_CLASS_APP, KRB5_MSG_ENC_AS_REP_PART, 0, dissect_krb5_EncKDCRepPart }, { KRB5_MSG_ENC_TGS_REP_PART, BER_CLASS_APP, KRB5_MSG_ENC_TGS_REP_PART, 0, dissect_krb5_EncKDCRepPart }, { KRB5_MSG_ENC_AP_REP_PART, BER_CLASS_APP, KRB5_MSG_ENC_AP_REP_PART, 0, dissect_krb5_EncAPRepPart }, + { KRB5_MSG_SAFE, BER_CLASS_APP, KRB5_MSG_SAFE, 0, dissect_krb5_SAFE }, { KRB5_MSG_PRIV, BER_CLASS_APP, KRB5_MSG_PRIV, 0, dissect_krb5_PRIV }, { KRB5_MSG_ERROR, BER_CLASS_APP, KRB5_MSG_ERROR, 0, dissect_krb5_ERROR }, { 0, 0, 0, 0, NULL } @@ -1168,6 +1179,14 @@ dissect_krb5_HostAddress(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, in return offset; } +static int +dissect_krb5_s_address(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) +{ + + offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, HostAddress_sequence, hf_krb_s_address, ett_krb_s_address); + + return offset; +} /* * HostAddresses ::= SEQUENCE OF SEQUENCE { @@ -2467,6 +2486,74 @@ dissect_krb5_PRIV(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offse } +static int +dissect_krb5_SAFE_BODY_user_data(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) +{ + offset=dissect_ber_octet_string(FALSE, pinfo, tree, tvb, offset, hf_krb_SAFE_BODY_user_data, NULL); + return offset; +} +static int +dissect_krb5_SAFE_BODY_timestamp(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) +{ + offset=dissect_ber_generalized_time(pinfo, tree, tvb, offset, hf_krb_SAFE_BODY_timestamp); + return offset; +} + +static int +dissect_krb5_SAFE_BODY_usec(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) +{ + offset=dissect_ber_integer(pinfo, tree, tvb, offset, hf_krb_SAFE_BODY_usec, NULL); + return offset; +} + +static ber_sequence SAFE_BODY_sequence[] = { + { BER_CLASS_CON, 0, 0, + dissect_krb5_SAFE_BODY_user_data }, + { BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, + dissect_krb5_SAFE_BODY_timestamp }, + { BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, + dissect_krb5_SAFE_BODY_usec }, + { BER_CLASS_CON, 3, BER_FLAGS_OPTIONAL, + dissect_krb5_seq_number }, + /*XXX this one is OPTIONAL in packetcable? but mandatory in kerberos */ + { BER_CLASS_CON, 4, BER_FLAGS_OPTIONAL, + dissect_krb5_s_address }, + { BER_CLASS_CON, 5, BER_FLAGS_OPTIONAL, + dissect_krb5_HostAddresses }, + { 0, 0, 0, NULL } +}; +static int +dissect_krb5_SAFE_BODY(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) +{ + + offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, SAFE_BODY_sequence, hf_krb_SAFE_BODY, ett_krb_SAFE_BODY); + + return offset; +} + + + +static ber_sequence SAFE_sequence[] = { + { BER_CLASS_CON, 0, 0, + dissect_krb5_pvno }, + { BER_CLASS_CON, 1, 0, + dissect_krb5_msg_type }, + { BER_CLASS_CON, 2, 0, + dissect_krb5_SAFE_BODY }, + { BER_CLASS_CON, 3, 0, + dissect_krb5_Checksum }, + { 0, 0, 0, NULL } +}; +static int +dissect_krb5_SAFE(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int offset) +{ + + offset=dissect_ber_sequence(FALSE, pinfo, tree, tvb, offset, SAFE_sequence, hf_krb_SAFE, ett_krb_SAFE); + + return offset; +} + + /* * KDC-REQ-BODY ::= SEQUENCE { * kdc-options[0] KDCOptions, @@ -3269,6 +3356,9 @@ proto_register_kerberos(void) { &hf_krb_authtime, { "Authtime", "kerberos.authtime", FT_STRING, BASE_NONE, NULL, 0, "Time of initial authentication", HFILL }}, + { &hf_krb_SAFE_BODY_timestamp, { + "Timestamp", "kerberos.SAFE_BODY.timestamp", FT_STRING, BASE_NONE, + NULL, 0, "Timestamp of this SAFE_BODY", HFILL }}, { &hf_krb_patimestamp, { "patimestamp", "kerberos.patimestamp", FT_STRING, BASE_NONE, NULL, 0, "Time of client", HFILL }}, @@ -3299,6 +3389,9 @@ proto_register_kerberos(void) { &hf_krb_cusec, { "cusec", "kerberos.cusec", FT_UINT32, BASE_DEC, NULL, 0, "micro second component of client time", HFILL }}, + { &hf_krb_SAFE_BODY_usec, { + "usec", "kerberos.SAFE_BODY.usec", FT_UINT32, BASE_DEC, + NULL, 0, "micro second component of SAFE_BODY time", HFILL }}, { &hf_krb_stime, { "stime", "kerberos.stime", FT_STRING, BASE_NONE, NULL, 0, "Current Time on the server host", HFILL }}, @@ -3395,6 +3488,12 @@ proto_register_kerberos(void) { &hf_krb_PRIV_BODY, { "PRIV_BODY", "kerberos.priv_body", FT_NONE, BASE_NONE, NULL, 0, "Kerberos PRIVate BODY", HFILL }}, + { &hf_krb_SAFE, { + "SAFE", "kerberos.safe", FT_NONE, BASE_NONE, + NULL, 0, "Kerberos SAFE structure", HFILL }}, + { &hf_krb_SAFE_BODY, { + "SAFE BODY", "kerberos.safe_body", FT_NONE, BASE_NONE, + NULL, 0, "Kerberos SAFE_BODY structure", HFILL }}, { &hf_krb_encrypted_PRIV, { "Encrypted PRIV", "kerberos.enc_priv", FT_NONE, BASE_NONE, NULL, 0, "Kerberos Encrypted PRIVate blob data", HFILL }}, @@ -3494,6 +3593,9 @@ proto_register_kerberos(void) { &hf_krb_etype_info_salt, { "Salt", "kerberos.etype_info.salt", FT_BYTES, BASE_HEX, NULL, 0, "Salt", HFILL }}, + { &hf_krb_SAFE_BODY_user_data, { + "User Data", "kerberos.SAFE_BODY.user_data", FT_BYTES, BASE_HEX, + NULL, 0, "SAFE BODY userdata field", HFILL }}, { &hf_krb_pac_signature_signature, { "Signature", "kerberos.pac.signature.signature", FT_BYTES, BASE_HEX, NULL, 0, "A PAC signature blob", HFILL }}, @@ -3509,6 +3611,9 @@ proto_register_kerberos(void) { &hf_krb_HostAddress, { "HostAddress", "kerberos.hostaddress", FT_NONE, BASE_DEC, NULL, 0, "This is a Kerberos HostAddress sequence", HFILL }}, + { &hf_krb_s_address, { + "S-Address", "kerberos.s_address", FT_NONE, BASE_DEC, + NULL, 0, "This is the Senders address", HFILL }}, { &hf_krb_signedAuthPack, { "signedAuthPack", "kerberos.signedAuthPack", FT_NONE, BASE_DEC, NULL, 0, "This is a Kerberos ContentInfo sequence", HFILL }}, @@ -3621,6 +3726,7 @@ proto_register_kerberos(void) &ett_krb_LastReqs, &ett_krb_IF_RELEVANT, &ett_krb_PA_DATA_tree, + &ett_krb_s_address, &ett_krb_HostAddress, &ett_krb_HostAddresses, &ett_krb_authenticator_enc, @@ -3631,6 +3737,8 @@ proto_register_kerberos(void) &ett_krb_recordmark, &ett_krb_ticket, &ett_krb_ticket_enc, + &ett_krb_SAFE, + &ett_krb_SAFE_BODY, &ett_krb_PRIV, &ett_krb_PRIV_enc, &ett_krb_EncTicketPart, |