Updated the Kerberos ASN.1 dissector to the point I believe it can replace the "hand made" one. Bug 8649 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8649)

Letting the more experienced ASN.1 developers tweak it a little more before the "generated" dissector is accepted (which is why it's not included here)

svn path=/trunk/; revision=49328

1 files changed, 216 insertions, 16 deletions

diff --git a/asn1/kerberos/kerberos.cnf b/asn1/kerberos/kerberos.cnf
index bed98692b4..801c1e9644 100644
--- a/asn1/kerberos/kerberos.cnf
+++ b/asn1/kerberos/kerberos.cnf
@@ -11,12 +11,27 @@ Realm
 #.FIELD_RENAME
 EncryptedData/etype encryptedData_etype
 KDC-REQ-BODY/etype kDC-REQ-BODY_etype
+KRB-SAFE-BODY/user-data kRB-SAFE-BODY_user_data
+EncKrbPrivPart/user-data encKrbPrivPart_user_data
+EncryptedTicketData/cipher encryptedTicketData_cipher
+EncryptedAuthorizationData/cipher encryptedAuthorizationData_cipher
+EncryptedKDCREPData/cipher encryptedKDCREPData_cipher
+PA-ENC-TIMESTAMP/cipher pA-ENC-TIMESTAMP_cipher
+EncryptedAPREPData/cipher encryptedAPREPData_cipher
+EncryptedKrbPrivData/cipher encryptedKrbPrivData_cipher
+EncryptedKrbCredData/cipher encryptedKrbCredData_cipher
+KRB-CRED/_untag/enc-part kRB_CRED_enc_part
+KRB-PRIV/_untag/enc-part kRB_PRIV_enc_part
+AP-REP/_untag/enc-part aP_REP_enc_part
+KDC-REP/enc-part kDC_REP_enc_part
+Ticket/_untag/enc-part ticket_enc_part
+
 
 #.FN_BODY MESSAGE-TYPE VAL_PTR = &msgtype
 guint32 msgtype;
 
 %(DEFAULT_BODY)s
-	if (do_col_info & check_col(actx->pinfo->cinfo, COL_INFO)) {
+	if (do_col_info) {
 		col_add_str(actx->pinfo->cinfo, COL_INFO,
 			val_to_str(msgtype, krb5_msg_types,
 			"Unknown msg type %%#x"));
@@ -29,7 +44,7 @@ guint32 msgtype;
 	
 #.FN_BODY ERROR-CODE VAL_PTR = &krb5_errorcode
 %(DEFAULT_BODY)s
-	if(krb5_errorcode && check_col(actx->pinfo->cinfo, COL_INFO)) {
+	if(krb5_errorcode) {
 		col_add_fstr(actx->pinfo->cinfo, COL_INFO,
 			"KRB Error: %%s",
 			val_to_str(krb5_errorcode, krb5_error_codes,
@@ -63,24 +78,32 @@ guint32 msgtype;
 #.FN_BODY Int32 VAL_PTR = actx->value_ptr
 %(DEFAULT_BODY)s
 
-#.FN_BODY PADATA-TYPE VAL_PTR = &krb_PA_DATA_type
+#.FN_BODY PADATA-TYPE
 
-%(DEFAULT_BODY)s
+	actx->value_ptr = ep_alloc(sizeof(guint32));
+
+	offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
+									actx->value_ptr);
 
 	if(tree){
 		proto_item_append_text(tree, " %%s",
-			val_to_str(krb_PA_DATA_type, krb5_preauthentication_types,
+			val_to_str(*((guint32*)actx->value_ptr), krb5_preauthentication_types,
 			"Unknown:%%d"));
 	}
 
 #.FN_BODY PA-DATA/padata-value
-proto_tree *sub_tree=tree;
+	proto_tree *sub_tree=tree;
+	guint32 PA_DATA_type = 0;
+
+	if (actx->value_ptr) {
+		PA_DATA_type = *((guint32*)actx->value_ptr);
+	}
 
 	if(actx->created_item){
 		sub_tree=proto_item_add_subtree(actx->created_item, ett_kerberos_PA_DATA);
 	}
 
-	switch(krb_PA_DATA_type){
+	switch(PA_DATA_type){
 	case KRB5_PA_TGS_REQ:
 		offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Applications);
  		break;
@@ -114,10 +137,6 @@ proto_tree *sub_tree=tree;
 	default:
 		offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, NULL);
 	}
-/*qqq*/
-
-#.FN_BODY ADDR-TYPE VAL_PTR = &addr_type
-%(DEFAULT_BODY)s
 
 #.FN_BODY HostAddress/address
 	gint8 class;
@@ -126,18 +145,22 @@ proto_tree *sub_tree=tree;
 	guint32 len;
 	char *address_str;
 	proto_item *it=NULL;
+	guint32 addr_type = 0;
 
 	/* read header and len for the octet string */
 	offset=dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &class, &pc, &tag);
 	offset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL);
 
-	address_str=ep_alloc(256);
+	if (actx->value_ptr) {
+		addr_type = *((guint32*)actx->value_ptr);
+	}
+
+	address_str=ep_alloc(ADDRESS_STR_BUFSIZ);
 	address_str[0]=0;
-	address_str[255]=0;
 	switch(addr_type){
 	case KRB5_ADDR_IPv4:
 		it=proto_tree_add_item(tree, hf_krb_address_ip, tvb, offset, 4, ENC_BIG_ENDIAN);
-		g_snprintf(address_str,256,"%d.%d.%d.%d",tvb_get_guint8(tvb, offset),tvb_get_guint8(tvb, offset+1),tvb_get_guint8(tvb, offset+2),tvb_get_guint8(tvb, offset+3));
+		g_snprintf(address_str,ADDRESS_STR_BUFSIZ,"%d.%d.%d.%d",tvb_get_guint8(tvb, offset),tvb_get_guint8(tvb, offset+1),tvb_get_guint8(tvb, offset+2),tvb_get_guint8(tvb, offset+3));
 		break;
 	case KRB5_ADDR_NETBIOS:
 		{
@@ -146,13 +169,13 @@ proto_tree *sub_tree=tree;
 		int netbios_name_len = (NETBIOS_NAME_LEN - 1)*4 + 1;
 
 		netbios_name_type = process_netbios_name(tvb_get_ptr(tvb, offset, 16), netbios_name, netbios_name_len);
-		g_snprintf(address_str, 255, "%s<%02x>", netbios_name, netbios_name_type);
+		g_snprintf(address_str, ADDRESS_STR_BUFSIZ, "%s<%02x>", netbios_name, netbios_name_type);
 		it=proto_tree_add_string_format(tree, hf_krb_address_netbios, tvb, offset, 16, netbios_name, "NetBIOS Name: %s (%s)", address_str, netbios_name_type_descr(netbios_name_type));
 		}
 		break;
 	case KRB5_ADDR_IPv6:
 		it=proto_tree_add_item(tree, hf_krb_address_ipv6, tvb, offset, INET6_ADDRLEN, ENC_NA);
-		g_snprintf(address_str, 256, "%s", ip6_to_str((const struct e_in6_addr *)tvb_get_ptr(tvb, offset, INET6_ADDRLEN)));
+		g_snprintf(address_str, ADDRESS_STR_BUFSIZ, "%s", ip6_to_str((const struct e_in6_addr *)tvb_get_ptr(tvb, offset, INET6_ADDRLEN)));
 		break;
 	default:
 		proto_tree_add_text(tree, tvb, offset, len, "KRB Address: I dont know how to parse this type of address yet");
@@ -172,4 +195,181 @@ proto_tree *sub_tree=tree;
 #.TYPE_ATTR
 #xxx TYPE = FT_UINT16  DISPLAY = BASE_DEC  STRINGS = VALS(xx_vals)
 
+#.FN_BODY ENCTYPE
+	actx->value_ptr = ep_alloc(sizeof(guint32));
+
+	offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
+									actx->value_ptr);
+
+#.FN_BODY EncryptedTicketData/cipher
+/**/#ifdef HAVE_KERBEROS
+	offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_ticket_data);
+/**/#else
+%(DEFAULT_BODY)s
+/**/#endif
+	return offset;
+
+#.FN_BODY EncryptedAuthorizationData/cipher
+/**/#ifdef HAVE_KERBEROS
+	offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_authenticator_data);
+/**/#else
+%(DEFAULT_BODY)s
+/**/#endif
+	return offset;
+
+#.FN_BODY EncryptedKDCREPData/cipher
+/**/#ifdef HAVE_KERBEROS
+	offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KDC_REP_data);
+/**/#else
+%(DEFAULT_BODY)s
+/**/#endif
+	return offset;
+
+#.FN_BODY PA-ENC-TIMESTAMP/cipher
+/**/#ifdef HAVE_KERBEROS
+	offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PA_ENC_TIMESTAMP);
+/**/#else
+%(DEFAULT_BODY)s
+/**/#endif
+	return offset;
+
+#.FN_BODY EncryptedAPREPData/cipher
+/**/#ifdef HAVE_KERBEROS
+	offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_AP_REP_data);
+/**/#else
+%(DEFAULT_BODY)s
+/**/#endif
+	return offset;
+
+#.FN_BODY EncryptedKrbPrivData/cipher
+/**/#ifdef HAVE_KERBEROS
+	offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PRIV_data);
+/**/#else
+%(DEFAULT_BODY)s
+/**/#endif
+	return offset;
+
+#.FN_BODY EncryptedKrbCredData/cipher
+/**/#ifdef HAVE_KERBEROS
+	offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_CRED_data);
+/**/#else
+%(DEFAULT_BODY)s
+/**/#endif
+	return offset;
+
+
+#.FN_BODY CKSUMTYPE
+	actx->value_ptr = ep_alloc(sizeof(guint32));
+
+	offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
+									actx->value_ptr);
+
+#.FN_BODY Checksum/checksum
+	tvbuff_t *next_tvb;
+	guint32 checksum_type = 0;
+
+	if (actx->value_ptr) {
+		checksum_type = *((guint32*)actx->value_ptr);
+	}
+
+	switch(checksum_type){
+	case KRB5_CHKSUM_GSSAPI:
+		offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &next_tvb);
+		dissect_krb5_rfc1964_checksum(actx, tree, next_tvb);
+		break;
+	default:
+		offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, NULL);
+	}
+	return offset;
+
+#.FN_BODY EncryptionKey/keytype
+	kerberos_key_t* key = ep_alloc(sizeof(kerberos_key_t));
+	actx->value_ptr = key;
+
+	offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
+									key->keytype);
+
+#.FN_BODY EncryptionKey/keyvalue
+	kerberos_key_t* key = (kerberos_key_t*)actx->value_ptr;
+
+	if (key != NULL) {
+		key->keylength = tvb_length_remaining(tvb, offset);
+		key->keyvalue = tvb_get_ptr(tvb, offset, key->keylength);
+	}
+
+%(DEFAULT_BODY)s
+
+#.FN_BODY EncryptionKey
+	kerberos_key_t* key = (kerberos_key_t*)actx->value_ptr;
+
+	%(DEFAULT_BODY)s
+
+	if (key != NULL) {
+		add_encryption_key(actx->pinfo, key->keytype, key->keylength, key->keyvalue, "key");
+	}
+
+#.FN_BODY AuthorizationData/_item/ad-type
+	actx->value_ptr = ep_alloc(sizeof(guint32));
+
+	offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
+									actx->value_ptr);
+
+#.FN_BODY AuthorizationData/_item/ad-data
+	guint32 adtype = 0;
+
+	if (actx->value_ptr) {
+		adtype = *((guint32*)actx->value_ptr);
+	}
+
+	switch(adtype){
+	case KRB5_AD_IF_RELEVANT:
+		offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_IF_RELEVANT);
+		break;
+	default:
+		offset=dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, NULL);
+	}
+
+#.FN_BODY HostAddress/addr-type
+	actx->value_ptr = ep_alloc(sizeof(guint32));
+
+	offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
+									actx->value_ptr);
+
+	
+#.FN_BODY KDC-REQ-BODY
+	conversation_t *conversation;
+
+	/*
+	 * UDP replies to KDC_REQs are sent from the server back to the client's
+	 * source port, similar to the way TFTP works.  Set up a conversation
+	 * accordingly.
+	 *
+	 * Ref: Section 7.2.1 of
+	 * http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-clarifications-07.txt
+	 */
+	if (actx->pinfo->destport == UDP_PORT_KERBEROS && actx->pinfo->ptype == PT_UDP) {
+		conversation = find_conversation(actx->pinfo->fd->num, &actx->pinfo->src, &actx->pinfo->dst, PT_UDP,
+											actx->pinfo->srcport, 0, NO_PORT_B);
+		if (conversation == NULL) {
+			conversation = conversation_new(actx->pinfo->fd->num, &actx->pinfo->src, &actx->pinfo->dst, PT_UDP,
+											actx->pinfo->srcport, 0, NO_PORT2);
+			conversation_set_dissector(conversation, kerberos_handle_udp);
+		}
+	}
+
+	%(DEFAULT_BODY)s
+
+#.FN_BODY KRB-SAFE-BODY/user-data
+	tvbuff_t *new_tvb;
+	offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb);
+	if (new_tvb) {
+		call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_SAFE_USER_DATA);
+	}
+
+#.FN_BODY EncKrbPrivPart/user-data
+	tvbuff_t *new_tvb;
+	offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb);
+	if (new_tvb) {
+		call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_PRIV_USER_DATA);
+	}