diff options
author | Michael Mann <mmann78@netscape.net> | 2013-05-16 12:21:43 +0000 |
---|---|---|
committer | Michael Mann <mmann78@netscape.net> | 2013-05-16 12:21:43 +0000 |
commit | 7efa0fdb29facf8c078ba692553706a23e3fad6c (patch) | |
tree | c97e653a94d3bb56b29271215d3c14b0cdd47f50 /asn1/kerberos/kerberos.cnf | |
parent | c1f144e9aaf430679d4fb888644b8d6e669ebd0d (diff) |
Updated the Kerberos ASN.1 dissector to the point I believe it can replace the "hand made" one. Bug 8649 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8649)
Letting the more experienced ASN.1 developers tweak it a little more before the "generated" dissector is accepted (which is why it's not included here)
svn path=/trunk/; revision=49328
Diffstat (limited to 'asn1/kerberos/kerberos.cnf')
-rw-r--r-- | asn1/kerberos/kerberos.cnf | 232 |
1 files changed, 216 insertions, 16 deletions
diff --git a/asn1/kerberos/kerberos.cnf b/asn1/kerberos/kerberos.cnf index bed98692b4..801c1e9644 100644 --- a/asn1/kerberos/kerberos.cnf +++ b/asn1/kerberos/kerberos.cnf @@ -11,12 +11,27 @@ Realm #.FIELD_RENAME EncryptedData/etype encryptedData_etype KDC-REQ-BODY/etype kDC-REQ-BODY_etype +KRB-SAFE-BODY/user-data kRB-SAFE-BODY_user_data +EncKrbPrivPart/user-data encKrbPrivPart_user_data +EncryptedTicketData/cipher encryptedTicketData_cipher +EncryptedAuthorizationData/cipher encryptedAuthorizationData_cipher +EncryptedKDCREPData/cipher encryptedKDCREPData_cipher +PA-ENC-TIMESTAMP/cipher pA-ENC-TIMESTAMP_cipher +EncryptedAPREPData/cipher encryptedAPREPData_cipher +EncryptedKrbPrivData/cipher encryptedKrbPrivData_cipher +EncryptedKrbCredData/cipher encryptedKrbCredData_cipher +KRB-CRED/_untag/enc-part kRB_CRED_enc_part +KRB-PRIV/_untag/enc-part kRB_PRIV_enc_part +AP-REP/_untag/enc-part aP_REP_enc_part +KDC-REP/enc-part kDC_REP_enc_part +Ticket/_untag/enc-part ticket_enc_part + #.FN_BODY MESSAGE-TYPE VAL_PTR = &msgtype guint32 msgtype; %(DEFAULT_BODY)s - if (do_col_info & check_col(actx->pinfo->cinfo, COL_INFO)) { + if (do_col_info) { col_add_str(actx->pinfo->cinfo, COL_INFO, val_to_str(msgtype, krb5_msg_types, "Unknown msg type %%#x")); @@ -29,7 +44,7 @@ guint32 msgtype; #.FN_BODY ERROR-CODE VAL_PTR = &krb5_errorcode %(DEFAULT_BODY)s - if(krb5_errorcode && check_col(actx->pinfo->cinfo, COL_INFO)) { + if(krb5_errorcode) { col_add_fstr(actx->pinfo->cinfo, COL_INFO, "KRB Error: %%s", val_to_str(krb5_errorcode, krb5_error_codes, @@ -63,24 +78,32 @@ guint32 msgtype; #.FN_BODY Int32 VAL_PTR = actx->value_ptr %(DEFAULT_BODY)s -#.FN_BODY PADATA-TYPE VAL_PTR = &krb_PA_DATA_type +#.FN_BODY PADATA-TYPE -%(DEFAULT_BODY)s + actx->value_ptr = ep_alloc(sizeof(guint32)); + + offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, + actx->value_ptr); if(tree){ proto_item_append_text(tree, " %%s", - val_to_str(krb_PA_DATA_type, krb5_preauthentication_types, + val_to_str(*((guint32*)actx->value_ptr), krb5_preauthentication_types, "Unknown:%%d")); } #.FN_BODY PA-DATA/padata-value -proto_tree *sub_tree=tree; + proto_tree *sub_tree=tree; + guint32 PA_DATA_type = 0; + + if (actx->value_ptr) { + PA_DATA_type = *((guint32*)actx->value_ptr); + } if(actx->created_item){ sub_tree=proto_item_add_subtree(actx->created_item, ett_kerberos_PA_DATA); } - switch(krb_PA_DATA_type){ + switch(PA_DATA_type){ case KRB5_PA_TGS_REQ: offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Applications); break; @@ -114,10 +137,6 @@ proto_tree *sub_tree=tree; default: offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, NULL); } -/*qqq*/ - -#.FN_BODY ADDR-TYPE VAL_PTR = &addr_type -%(DEFAULT_BODY)s #.FN_BODY HostAddress/address gint8 class; @@ -126,18 +145,22 @@ proto_tree *sub_tree=tree; guint32 len; char *address_str; proto_item *it=NULL; + guint32 addr_type = 0; /* read header and len for the octet string */ offset=dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &class, &pc, &tag); offset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL); - address_str=ep_alloc(256); + if (actx->value_ptr) { + addr_type = *((guint32*)actx->value_ptr); + } + + address_str=ep_alloc(ADDRESS_STR_BUFSIZ); address_str[0]=0; - address_str[255]=0; switch(addr_type){ case KRB5_ADDR_IPv4: it=proto_tree_add_item(tree, hf_krb_address_ip, tvb, offset, 4, ENC_BIG_ENDIAN); - g_snprintf(address_str,256,"%d.%d.%d.%d",tvb_get_guint8(tvb, offset),tvb_get_guint8(tvb, offset+1),tvb_get_guint8(tvb, offset+2),tvb_get_guint8(tvb, offset+3)); + g_snprintf(address_str,ADDRESS_STR_BUFSIZ,"%d.%d.%d.%d",tvb_get_guint8(tvb, offset),tvb_get_guint8(tvb, offset+1),tvb_get_guint8(tvb, offset+2),tvb_get_guint8(tvb, offset+3)); break; case KRB5_ADDR_NETBIOS: { @@ -146,13 +169,13 @@ proto_tree *sub_tree=tree; int netbios_name_len = (NETBIOS_NAME_LEN - 1)*4 + 1; netbios_name_type = process_netbios_name(tvb_get_ptr(tvb, offset, 16), netbios_name, netbios_name_len); - g_snprintf(address_str, 255, "%s<%02x>", netbios_name, netbios_name_type); + g_snprintf(address_str, ADDRESS_STR_BUFSIZ, "%s<%02x>", netbios_name, netbios_name_type); it=proto_tree_add_string_format(tree, hf_krb_address_netbios, tvb, offset, 16, netbios_name, "NetBIOS Name: %s (%s)", address_str, netbios_name_type_descr(netbios_name_type)); } break; case KRB5_ADDR_IPv6: it=proto_tree_add_item(tree, hf_krb_address_ipv6, tvb, offset, INET6_ADDRLEN, ENC_NA); - g_snprintf(address_str, 256, "%s", ip6_to_str((const struct e_in6_addr *)tvb_get_ptr(tvb, offset, INET6_ADDRLEN))); + g_snprintf(address_str, ADDRESS_STR_BUFSIZ, "%s", ip6_to_str((const struct e_in6_addr *)tvb_get_ptr(tvb, offset, INET6_ADDRLEN))); break; default: proto_tree_add_text(tree, tvb, offset, len, "KRB Address: I dont know how to parse this type of address yet"); @@ -172,4 +195,181 @@ proto_tree *sub_tree=tree; #.TYPE_ATTR #xxx TYPE = FT_UINT16 DISPLAY = BASE_DEC STRINGS = VALS(xx_vals) +#.FN_BODY ENCTYPE + actx->value_ptr = ep_alloc(sizeof(guint32)); + + offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, + actx->value_ptr); + +#.FN_BODY EncryptedTicketData/cipher +/**/#ifdef HAVE_KERBEROS + offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_ticket_data); +/**/#else +%(DEFAULT_BODY)s +/**/#endif + return offset; + +#.FN_BODY EncryptedAuthorizationData/cipher +/**/#ifdef HAVE_KERBEROS + offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_authenticator_data); +/**/#else +%(DEFAULT_BODY)s +/**/#endif + return offset; + +#.FN_BODY EncryptedKDCREPData/cipher +/**/#ifdef HAVE_KERBEROS + offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KDC_REP_data); +/**/#else +%(DEFAULT_BODY)s +/**/#endif + return offset; + +#.FN_BODY PA-ENC-TIMESTAMP/cipher +/**/#ifdef HAVE_KERBEROS + offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PA_ENC_TIMESTAMP); +/**/#else +%(DEFAULT_BODY)s +/**/#endif + return offset; + +#.FN_BODY EncryptedAPREPData/cipher +/**/#ifdef HAVE_KERBEROS + offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_AP_REP_data); +/**/#else +%(DEFAULT_BODY)s +/**/#endif + return offset; + +#.FN_BODY EncryptedKrbPrivData/cipher +/**/#ifdef HAVE_KERBEROS + offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PRIV_data); +/**/#else +%(DEFAULT_BODY)s +/**/#endif + return offset; + +#.FN_BODY EncryptedKrbCredData/cipher +/**/#ifdef HAVE_KERBEROS + offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_CRED_data); +/**/#else +%(DEFAULT_BODY)s +/**/#endif + return offset; + + +#.FN_BODY CKSUMTYPE + actx->value_ptr = ep_alloc(sizeof(guint32)); + + offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, + actx->value_ptr); + +#.FN_BODY Checksum/checksum + tvbuff_t *next_tvb; + guint32 checksum_type = 0; + + if (actx->value_ptr) { + checksum_type = *((guint32*)actx->value_ptr); + } + + switch(checksum_type){ + case KRB5_CHKSUM_GSSAPI: + offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &next_tvb); + dissect_krb5_rfc1964_checksum(actx, tree, next_tvb); + break; + default: + offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, NULL); + } + return offset; + +#.FN_BODY EncryptionKey/keytype + kerberos_key_t* key = ep_alloc(sizeof(kerberos_key_t)); + actx->value_ptr = key; + + offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, + key->keytype); + +#.FN_BODY EncryptionKey/keyvalue + kerberos_key_t* key = (kerberos_key_t*)actx->value_ptr; + + if (key != NULL) { + key->keylength = tvb_length_remaining(tvb, offset); + key->keyvalue = tvb_get_ptr(tvb, offset, key->keylength); + } + +%(DEFAULT_BODY)s + +#.FN_BODY EncryptionKey + kerberos_key_t* key = (kerberos_key_t*)actx->value_ptr; + + %(DEFAULT_BODY)s + + if (key != NULL) { + add_encryption_key(actx->pinfo, key->keytype, key->keylength, key->keyvalue, "key"); + } + +#.FN_BODY AuthorizationData/_item/ad-type + actx->value_ptr = ep_alloc(sizeof(guint32)); + + offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, + actx->value_ptr); + +#.FN_BODY AuthorizationData/_item/ad-data + guint32 adtype = 0; + + if (actx->value_ptr) { + adtype = *((guint32*)actx->value_ptr); + } + + switch(adtype){ + case KRB5_AD_IF_RELEVANT: + offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_IF_RELEVANT); + break; + default: + offset=dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index, NULL); + } + +#.FN_BODY HostAddress/addr-type + actx->value_ptr = ep_alloc(sizeof(guint32)); + + offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, + actx->value_ptr); + + +#.FN_BODY KDC-REQ-BODY + conversation_t *conversation; + + /* + * UDP replies to KDC_REQs are sent from the server back to the client's + * source port, similar to the way TFTP works. Set up a conversation + * accordingly. + * + * Ref: Section 7.2.1 of + * http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-clarifications-07.txt + */ + if (actx->pinfo->destport == UDP_PORT_KERBEROS && actx->pinfo->ptype == PT_UDP) { + conversation = find_conversation(actx->pinfo->fd->num, &actx->pinfo->src, &actx->pinfo->dst, PT_UDP, + actx->pinfo->srcport, 0, NO_PORT_B); + if (conversation == NULL) { + conversation = conversation_new(actx->pinfo->fd->num, &actx->pinfo->src, &actx->pinfo->dst, PT_UDP, + actx->pinfo->srcport, 0, NO_PORT2); + conversation_set_dissector(conversation, kerberos_handle_udp); + } + } + + %(DEFAULT_BODY)s + +#.FN_BODY KRB-SAFE-BODY/user-data + tvbuff_t *new_tvb; + offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb); + if (new_tvb) { + call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_SAFE_USER_DATA); + } + +#.FN_BODY EncKrbPrivPart/user-data + tvbuff_t *new_tvb; + offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb); + if (new_tvb) { + call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_PRIV_USER_DATA); + } |