diff options
author | Michael Mann <mmann78@netscape.net> | 2016-09-24 08:29:07 -0400 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2017-11-14 20:20:22 +0000 |
commit | 5d1328c5285e1cd3f4e1620dd33babda47bafe92 (patch) | |
tree | 31ebc8bf6e36849df2d101c04d4266c9c6e2c7e0 /epan/dissectors/asn1 | |
parent | 27011d312343a0dac06736087d1a94ffd7ab763e (diff) |
Kerberos - Add support for RFC 6113
Bug: 8974
Change-Id: I43998a64fc34dfeb1c0a8d702d5bdc5aa74d57de
Reviewed-on: https://code.wireshark.org/review/17879
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'epan/dissectors/asn1')
-rw-r--r-- | epan/dissectors/asn1/kerberos/CMakeLists.txt | 1 | ||||
-rw-r--r-- | epan/dissectors/asn1/kerberos/Makefile.am | 3 | ||||
-rw-r--r-- | epan/dissectors/asn1/kerberos/RFC6113.asn | 124 | ||||
-rw-r--r-- | epan/dissectors/asn1/kerberos/k5.asn | 58 | ||||
-rw-r--r-- | epan/dissectors/asn1/kerberos/kerberos.cnf | 50 | ||||
-rw-r--r-- | epan/dissectors/asn1/kerberos/packet-kerberos-template.c | 26 |
6 files changed, 238 insertions, 24 deletions
diff --git a/epan/dissectors/asn1/kerberos/CMakeLists.txt b/epan/dissectors/asn1/kerberos/CMakeLists.txt index 3e1bd82309..dd862ee356 100644 --- a/epan/dissectors/asn1/kerberos/CMakeLists.txt +++ b/epan/dissectors/asn1/kerberos/CMakeLists.txt @@ -34,6 +34,7 @@ set( ASN_FILE_LIST KerberosV5Spec2.asn k5.asn RFC3244.asn + RFC6113.asn ) set( EXTRA_DIST diff --git a/epan/dissectors/asn1/kerberos/Makefile.am b/epan/dissectors/asn1/kerberos/Makefile.am index ff7b2558e0..3c0db504a0 100644 --- a/epan/dissectors/asn1/kerberos/Makefile.am +++ b/epan/dissectors/asn1/kerberos/Makefile.am @@ -28,7 +28,8 @@ EXT_ASN_FILE_LIST = ASN_FILE_LIST = \ KerberosV5Spec2.asn \ k5.asn \ - RFC3244.asn + RFC3244.asn \ + RFC6113.asn EXTRA_DIST = \ $(EXTRA_DIST_COMMON) \ diff --git a/epan/dissectors/asn1/kerberos/RFC6113.asn b/epan/dissectors/asn1/kerberos/RFC6113.asn new file mode 100644 index 0000000000..10a3d7ddc6 --- /dev/null +++ b/epan/dissectors/asn1/kerberos/RFC6113.asn @@ -0,0 +1,124 @@ +-- Extracted from RFC 6113 + +KerberosPreauthFramework { + iso(1) identified-organization(3) dod(6) internet(1) + security(5) kerberosV5(2) modules(4) preauth-framework(3) +} DEFINITIONS EXPLICIT TAGS ::= BEGIN + +IMPORTS + KerberosTime, PrincipalName, Realm, EncryptionKey, Checksum, + Int32, EncryptedData, PA-ENC-TS-ENC, PA-DATA, KDC-REQ-BODY, + Microseconds, KerberosFlags, UInt32 + FROM KerberosV5Spec2 { iso(1) identified-organization(3) + dod(6) internet(1) security(5) kerberosV5(2) + modules(4) krb5spec2(2) }; + -- as defined in RFC 4120. + +PA-AUTHENTICATION-SET ::= SEQUENCE OF PA-AUTHENTICATION-SET-ELEM + +PA-AUTHENTICATION-SET-ELEM ::= SEQUENCE { + pa-type [0] Int32, + -- same as padata-type. + pa-hint [1] OCTET STRING OPTIONAL, + pa-value [2] OCTET STRING OPTIONAL, + ... +} + +KrbFastArmor ::= SEQUENCE { + armor-type [0] Int32, + -- Type of the armor. + armor-value [1] OCTET STRING, + -- Value of the armor. + ... +} + +PA-FX-FAST-REQUEST ::= CHOICE { + armored-data [0] KrbFastArmoredReq, + ... +} + +KrbFastArmoredReq ::= SEQUENCE { + armor [0] KrbFastArmor OPTIONAL, + -- Contains the armor that identifies the armor key. + -- MUST be present in AS-REQ. + req-checksum [1] Checksum, + -- For AS, contains the checksum performed over the type + -- KDC-REQ-BODY for the req-body field of the KDC-REQ + -- structure; + -- For TGS, contains the checksum performed over the type + -- AP-REQ in the PA-TGS-REQ padata. + -- The checksum key is the armor key, the checksum + -- type is the required checksum type for the enctype of + -- the armor key, and the key usage number is + -- KEY_USAGE_FAST_REQ_CHKSUM. + enc-fast-req [2] EncryptedData, -- KrbFastReq -- + -- The encryption key is the armor key, and the key usage + -- number is KEY_USAGE_FAST_ENC. + ... +} + +KrbFastReq ::= SEQUENCE { + fast-options [0] FastOptions, + -- Additional options. + padata [1] SEQUENCE OF PA-DATA, + -- padata typed holes. + req-body [2] KDC-REQ-BODY, + -- Contains the KDC request body as defined in Section + -- 5.4.1 of [RFC4120]. + -- This req-body field is preferred over the outer field + -- in the KDC request. + ... +} + +FastOptions ::= KerberosFlags + -- reserved(0), + -- hide-client-names(1), + -- kdc-follow-referrals(16) + +PA-FX-FAST-REPLY ::= CHOICE { + armored-data [0] KrbFastArmoredRep, + ... +} + +KrbFastArmoredRep ::= SEQUENCE { + enc-fast-rep [0] EncryptedData, -- KrbFastResponse -- + -- The encryption key is the armor key in the request, and + -- the key usage number is KEY_USAGE_FAST_REP. + ... +} + +KrbFastResponse ::= SEQUENCE { + padata [0] SEQUENCE OF PA-DATA, + -- padata typed holes. + strengthen-key [1] EncryptionKey OPTIONAL, + -- This, if present, strengthens the reply key for AS and + -- TGS. MUST be present for TGS + -- MUST be absent in KRB-ERROR. + finished [2] KrbFastFinished OPTIONAL, + -- Present in AS or TGS reply; absent otherwise. + nonce [3] UInt32, + -- Nonce from the client request. + ... +} + +KrbFastFinished ::= SEQUENCE { + timestamp [0] KerberosTime, + usec [1] Microseconds, + -- timestamp and usec represent the time on the KDC when + -- the reply was generated. + crealm [2] Realm, + cname [3] PrincipalName, + -- Contains the client realm and the client name. + ticket-checksum [4] Checksum, + -- checksum of the ticket in the KDC-REP using the armor + -- and the key usage is KEY_USAGE_FAST_FINISH. + -- The checksum type is the required checksum type + -- of the armor key. + ... +} + +EncryptedChallenge ::= EncryptedData + -- Encrypted PA-ENC-TS-ENC, encrypted in the challenge key + -- using key usage KEY_USAGE_ENC_CHALLENGE_CLIENT for the + -- client and KEY_USAGE_ENC_CHALLENGE_KDC for the KDC. +END diff --git a/epan/dissectors/asn1/kerberos/k5.asn b/epan/dissectors/asn1/kerberos/k5.asn index ea4e47a371..a74bc62884 100644 --- a/epan/dissectors/asn1/kerberos/k5.asn +++ b/epan/dissectors/asn1/kerberos/k5.asn @@ -14,9 +14,16 @@ NAME-TYPE ::= INTEGER { kRB5-NT-X500-PRINCIPAL(6), -- PKINIT kRB5-NT-SMTP-NAME(7), -- Name in form of SMTP email name kRB5-NT-ENTERPRISE-PRINCIPAL(10), -- Windows 2000 UPN + kRB5-NT-WELLKNOWN(11), -- Wellknown + kRB5-NT-SRV-HST-DOMAIN(12), -- Domain based service with host name as instance (RFC5179) kRB5-NT-ENT-PRINCIPAL-AND-ID(-130), -- Windows 2000 UPN and SID kRB5-NT-MS-PRINCIPAL(-128), -- NT 4 style name - kRB5-NT-MS-PRINCIPAL-AND-ID(-129) -- NT style name and SID + kRB5-NT-MS-PRINCIPAL-AND-ID(-129), -- NT style name and SID + kRB5-NT-NTLM(-1200), -- NTLM name, realm is domain + kRB5-NT-X509-GENERAL-NAME(-1201), -- x509 general name (base64 encoded) + kRB5-NT-GSS-HOSTBASED-SERVICE(-1202), -- not used; remove + kRB5-NT-CACHE-UUID(-1203), -- name is actually a uuid pointing to ccache, use client name in cache + kRB5-NT-SRV-HST-NEEDS-CANON (-195894762) -- Internal: indicates that name canonicalization is needed } -- message types @@ -37,10 +44,11 @@ MESSAGE-TYPE ::= INTEGER { -- pa-data types + PADATA-TYPE ::= INTEGER { kRB5-PADATA-NONE(0), kRB5-PADATA-TGS-REQ(1), --- kRB5-PADATA-AP-REQ(1), + kRB5-PADATA-AP-REQ(1), kRB5-PADATA-ENC-TIMESTAMP(2), kRB5-PADATA-PW-SALT(3), kRB5-PADATA-ENC-UNIX-TIME(5), @@ -54,17 +62,22 @@ PADATA-TYPE ::= INTEGER { kRB5-PADATA-SAM-RESPONSE(13), -- (sam/otp) kRB5-PADATA-PK-AS-REQ-19(14), -- (PKINIT-19) kRB5-PADATA-PK-AS-REP-19(15), -- (PKINIT-19) --- kRB5-PADATA-PK-AS-REQ-WIN(15), (PKINIT - old number) +-- kRB5-PADATA-PK-AS-REQ-WIN(15), - (PKINIT - old number) kRB5-PADATA-PK-AS-REQ(16), -- (PKINIT-25) kRB5-PADATA-PK-AS-REP(17), -- (PKINIT-25) kRB5-PADATA-PA-PK-OCSP-RESPONSE(18), kRB5-PADATA-ETYPE-INFO2(19), kRB5-PADATA-USE-SPECIFIED-KVNO(20), --- kRB5-PADATA-SVR-REFERRAL-INFO(20), old ms referral number +-- kRB5-PADATA-SVR-REFERRAL-INFO(20), - old ms referral number kRB5-PADATA-SAM-REDIRECT(21), -- (sam/otp) kRB5-PADATA-GET-FROM-TYPED-DATA(22), kRB5-PADATA-SAM-ETYPE-INFO(23), kRB5-PADATA-SERVER-REFERRAL(25), + kRB5-PADATA-ALT-PRINC(24), -- (crawdad@fnal.gov) + kRB5-PADATA-SAM-CHALLENGE2(30), -- (kenh@pobox.com) + kRB5-PADATA-SAM-RESPONSE2(31), -- (kenh@pobox.com) + kRB5-PA-EXTRA-TGT(41), -- Reserved extra TGT + kRB5-PADATA-FX-FAST-ARMOR(71), -- fast armor kRB5-PADATA-TD-KRB-PRINCIPAL(102), -- PrincipalName kRB5-PADATA-PK-TD-TRUSTED-CERTIFIERS(104), -- PKINIT kRB5-PADATA-PK-TD-CERTIFICATE-INDEX(105), -- PKINIT @@ -72,14 +85,31 @@ PADATA-TYPE ::= INTEGER { kRB5-PADATA-TD-REQ-NONCE(107), -- INTEGER kRB5-PADATA-TD-REQ-SEQ(108), -- INTEGER kRB5-PADATA-PA-PAC-REQUEST(128), -- jbrezak@exchange.microsoft.com - kRB5-PADATA-S4U2SELF(129), - kRB5-PADATA-PK-AS-09-BINDING(132), -- client send this to - -- tell KDC that is supports + kRB5-PADATA-FOR-USER(129), -- MS-KILE + kRB5-PADATA-FOR-X509-USER(130), -- MS-KILE + kRB5-PADATA-FOR-CHECK-DUPS(131), -- MS-KILE + kRB5-PADATA-AS-CHECKSUM(132), -- MS-KILE + kRB5-PADATA-PK-AS-09-BINDING(132), -- client send this to + -- tell KDC that is supports -- the asCheckSum in the -- PK-AS-REP - kRB5-PADATA-CLIENT-CANONICALIZED(133) -- + kRB5-PADATA-FX-COOKIE(133), -- krb-wg-preauth-framework + kRB5-PADATA-AUTHENTICATION-SET(134), -- krb-wg-preauth-framework + kRB5-PADATA-AUTH-SET-SELECTED(135), -- krb-wg-preauth-framework + kRB5-PADATA-FX-FAST(136), -- krb-wg-preauth-framework + kRB5-PADATA-FX-ERROR(137), -- krb-wg-preauth-framework + kRB5-PADATA-ENCRYPTED-CHALLENGE(138), -- krb-wg-preauth-framework + kRB5-PADATA-OTP-CHALLENGE(141), -- (gareth.richards@rsa.com) + kRB5-PADATA-OTP-REQUEST(142), -- (gareth.richards@rsa.com) + kBB5-PADATA-OTP-CONFIRM(143), -- (gareth.richards@rsa.com) + kRB5-PADATA-OTP-PIN-CHANGE(144), -- (gareth.richards@rsa.com) + kRB5-PADATA-EPAK-AS-REQ(145), + kRB5-PADATA-EPAK-AS-REP(146), + kRB5-PADATA-PKINIT-KX(147), -- krb-wg-anon + kRB5-PADATA-PKU2U-NAME(148), -- zhu-pku2u + kRB5-PADATA-REQ-ENC-PA-REP(149), -- + kRB5-PADATA-SUPPORTED-ETYPES(165) -- MS-KILE } - AUTHDATA-TYPE ::= INTEGER { kRB5-AUTHDATA-IF-RELEVANT(1), kRB5-AUTHDATA-INTENDED-FOR-SERVER(2), @@ -95,7 +125,9 @@ AUTHDATA-TYPE ::= INTEGER { kRB5-AUTHDATA-OSF-DCE-PKI-CERTID(66), kRB5-AUTHDATA-WIN2K-PAC(128), kRB5-AUTHDATA-GSS-API-ETYPE-NEGOTIATION(129), -- Authenticator only - kRB5-AUTHDATA-SIGNTICKET(-17) + kRB5-AUTHDATA-SIGNTICKET-OLDER(-17), + kRB5-AUTHDATA-SIGNTICKET-OLD(142), + kRB5-AUTHDATA-SIGNTICKET(512) } -- checksumtypes @@ -119,6 +151,8 @@ CKSUMTYPE ::= INTEGER { cKSUMTYPE-HMAC-SHA1-96-AES-256(16), cKSUMTYPE-CMAC-CAMELLIA128(17), cKSUMTYPE-CMAC-CAMELLIA256(18), + cKSUMTYPE-HMAC-SHA256-128-AES128(19), + cKSUMTYPE-HMAC-SHA384-192-AES256(20), cKSUMTYPE-GSSAPI(--0x8003--32771), cKSUMTYPE-HMAC-MD5(-138), -- unofficial microsoft number cKSUMTYPE-HMAC-MD5-ENC(-1138) -- even more unofficial @@ -320,7 +354,9 @@ TicketFlags ::= BIT STRING { hw-authent(11), transited-policy-checked(12), ok-as-delegate(13), - anonymous(14) + anonymous-14(14), + enc-pa-rep(15), + anonymous(16) } KDCOptions ::= BIT STRING { diff --git a/epan/dissectors/asn1/kerberos/kerberos.cnf b/epan/dissectors/asn1/kerberos/kerberos.cnf index dc04d58abf..f04b6639f8 100644 --- a/epan/dissectors/asn1/kerberos/kerberos.cnf +++ b/epan/dissectors/asn1/kerberos/kerberos.cnf @@ -31,9 +31,7 @@ AD-LoginAlias AD-MANDATORY-FOR-KDC AUTHDATA-TYPE ChangePasswdDataMS -EncryptedData EtypeList -KerberosFlags KRB5SignedPath KRB5SignedPathData KRB5SignedPathPrincipals @@ -56,6 +54,11 @@ Principal PROV-SRV-LOCATION SAMFlags TYPED-DATA +KrbFastReq +KrbFastResponse +KrbFastFinished +FastOptions +KerberosFlags #.NO_EMIT ONLY_VALS Applications @@ -138,34 +141,47 @@ guint32 msgtype; switch(private_data->padata_type){ case KRB5_PA_TGS_REQ: offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_Applications); - break; + break; case KRB5_PA_PK_AS_REQ: offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PaPkAsReq); - break; + break; case KRB5_PA_PK_AS_REP: offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PaPkAsRep); - break; + break; case KRB5_PA_PAC_REQUEST: offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_KERB_PA_PAC_REQUEST); break; case KRB5_PA_S4U2SELF: offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_S4U2Self); - break; + break; case KRB5_PA_PROV_SRV_LOCATION: offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_krb5_PA_PROV_SRV_LOCATION); - break; + break; case KRB5_PA_ENC_TIMESTAMP: offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_ENC_TIMESTAMP); - break; + break; case KRB5_PA_ENCTYPE_INFO: offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_ETYPE_INFO); - break; + break; case KRB5_PA_ENCTYPE_INFO2: offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_ETYPE_INFO2); - break; + break; case KRB5_PA_PW_SALT: offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_krb5_PW_SALT); - break; + break; + case KRB5_PA_AUTHENTICATION_SET: + offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_AUTHENTICATION_SET); + break; + case KRB5_PADATA_FX_FAST: + if(private_data->is_request){ + offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_FX_FAST_REQUEST); + }else{ + offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_FX_FAST_REPLY); + } + break; + case KRB5_PADATA_ENCRYPTED_CHALLENGE: + offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_EncryptedChallenge); + break; default: offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, NULL); } @@ -388,3 +404,15 @@ AuthorizationData/_item/ad-type STRINGS=VALS(krb5_ad_types) if (new_tvb) { call_kerberos_callbacks(actx->pinfo, tree, new_tvb, KRB_CBTAG_PRIV_USER_DATA, (kerberos_callbacks*)actx->private_data); } + +#.FN_HDR AS-REQ + kerberos_private_data_t* private_data = kerberos_get_private_data(actx); + private_data->is_request = TRUE; + +#.FN_HDR AS-REP + kerberos_private_data_t* private_data = kerberos_get_private_data(actx); + private_data->is_request = FALSE; + +#.FN_HDR KRB-ERROR + kerberos_private_data_t* private_data = kerberos_get_private_data(actx); + private_data->is_request = FALSE; diff --git a/epan/dissectors/asn1/kerberos/packet-kerberos-template.c b/epan/dissectors/asn1/kerberos/packet-kerberos-template.c index 4412fb1440..7ca1c98496 100644 --- a/epan/dissectors/asn1/kerberos/packet-kerberos-template.c +++ b/epan/dissectors/asn1/kerberos/packet-kerberos-template.c @@ -98,6 +98,7 @@ typedef struct kerberos_key { } kerberos_key_t; typedef struct { + gboolean is_request; guint32 etype; guint32 padata_type; guint32 enctype; @@ -117,7 +118,10 @@ static int dissect_kerberos_PA_S4U2Self(gboolean implicit_tag _U_, tvbuff_t *tvb static int dissect_kerberos_ETYPE_INFO(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); static int dissect_kerberos_ETYPE_INFO2(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); static int dissect_kerberos_AD_IF_RELEVANT(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); - +static int dissect_kerberos_PA_AUTHENTICATION_SET(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); +static int dissect_kerberos_PA_FX_FAST_REQUEST(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); +static int dissect_kerberos_EncryptedChallenge(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); +static int dissect_kerberos_PA_FX_FAST_REPLY(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); /* Desegment Kerberos over TCP messages */ static gboolean krb_desegment = TRUE; @@ -834,6 +838,7 @@ decrypt_krb5_data(proto_tree *tree, packet_info *pinfo, #define KRB5_PA_PK_AS_REQ 14 #define KRB5_PA_PK_AS_REP 15 #define KRB5_PA_DASS 16 +#define KRB5_PA_PK_AS_REP_17 17 #define KRB5_PA_ENCTYPE_INFO2 19 #define KRB5_PA_USE_SPECIFIED_KVNO 20 #define KRB5_PA_SAM_REDIRECT 21 @@ -857,6 +862,15 @@ decrypt_krb5_data(proto_tree *tree, packet_info *pinfo, #define KRB5_PA_PAC_REQUEST 128 /* (Microsoft extension) */ #define KRB5_PA_FOR_USER 129 /* Impersonation (Microsoft extension) See [MS-SFU]. XXX - replaced by KRB5_PA_S4U2SELF */ #define KRB5_PA_S4U2SELF 129 +#define KRB5_PADATA_S4U_X509_USER 130 /* certificate protocol transition request */ +#define KRB5_PADATA_FX_COOKIE 133 +#define KRB5_PA_AUTHENTICATION_SET 134 +#define KRB5_PADATA_FX_FAST 136 +#define KRB5_PADATA_FX_ERROR 137 +#define KRB5_PADATA_ENCRYPTED_CHALLENGE 138 +#define KRB5_PADATA_PKINIT_KX 147 +#define KRB5_ENCPADATA_REQ_ENC_PA_REP 149 + #define KRB5_PA_PROV_SRV_LOCATION 0xffffffff /* (gint32)0xFF) packetcable stuff */ /* Principal name-type */ @@ -1083,6 +1097,7 @@ static const value_string krb5_preauthentication_types[] = { { KRB5_PA_PK_AS_REQ , "PA-PK-AS-REQ" }, { KRB5_PA_PK_AS_REP , "PA-PK-AS-REP" }, { KRB5_PA_DASS , "PA-DASS" }, + { KRB5_PA_PK_AS_REP_17 , "PA-PK-AS-REP-17" }, { KRB5_PA_USE_SPECIFIED_KVNO , "PA-USE-SPECIFIED-KVNO" }, { KRB5_PA_SAM_REDIRECT , "PA-SAM-REDIRECT" }, { KRB5_PA_GET_FROM_TYPED_DATA , "PA-GET-FROM-TYPED-DATA" }, @@ -1100,6 +1115,15 @@ static const value_string krb5_preauthentication_types[] = { { KRB5_TD_REQ_SEQ , "TD-REQ-SEQ" }, { KRB5_PA_PAC_REQUEST , "PA-PAC-REQUEST" }, { KRB5_PA_FOR_USER , "PA-FOR-USER" }, + { KRB5_PADATA_S4U_X509_USER , "PA-S4U-X509-USER" }, + { KRB5_PADATA_FX_COOKIE , "PA-FX-COOKIE" }, + { KRB5_PA_AUTHENTICATION_SET , "KRB5-PA-AUTHENTICATION-SET" }, + + { KRB5_PADATA_FX_FAST , "PA-FX-FAST" }, + { KRB5_PADATA_FX_ERROR , "PA-FX-ERROR" }, + { KRB5_PADATA_ENCRYPTED_CHALLENGE , "PA-ENCRYPTED-CHALLENGE" }, + { KRB5_PADATA_PKINIT_KX , "PA-PKINIT-KX" }, + { KRB5_ENCPADATA_REQ_ENC_PA_REP , "PA-REQ-ENC-PA-REP" }, { KRB5_PA_PROV_SRV_LOCATION , "PA-PROV-SRV-LOCATION" }, { 0 , NULL }, }; |