From a6fba035e860351a4aed4e0fd56e22524fafab29 Mon Sep 17 00:00:00 2001
From: etxrab
Date: Fri, 17 Oct 2008 16:09:34 +0000
Subject: Further updates: dissect error-code and e-data.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@26486 f5534014-38df-0310-8fa8-9805f1628bb7
---
 asn1/kerberos/KerberosV5Spec2.asn | 7 +--
 asn1/kerberos/k5.asn | 90 ++++++++++++++++++++++++++++----
 asn1/kerberos/kerberos.cnf | 86 ++++++++++++++++++++++++++++++
 asn1/kerberos/packet-kerberos-template.c | 15 ++++++
 4 files changed, 186 insertions(+), 12 deletions(-)
(limited to 'asn1/kerberos')
diff --git a/asn1/kerberos/KerberosV5Spec2.asn b/asn1/kerberos/KerberosV5Spec2.asn
index 72aa3ed35e..4b081b9640 100644
--- a/asn1/kerberos/KerberosV5Spec2.asn
+++ b/asn1/kerberos/KerberosV5Spec2.asn
@@ -61,8 +61,8 @@ PrincipalName ::= SEQUENCE {
 KerberosTime ::= GeneralizedTime -- with no fractional seconds
 HostAddress ::= SEQUENCE {
--- addr-type [0] ADDR-TYPE, use k5.asn
- addr-type [0] Int32,
+-- addr-type [0] Int32,
+ addr-type [0] ADDR-TYPE, --use k5.asn
 address [1] OCTET STRING
 }
@@ -376,7 +376,8 @@ KRB-ERROR ::= [APPLICATION 30] SEQUENCE {
 cusec [3] Microseconds OPTIONAL,
 stime [4] KerberosTime,
 susec [5] Microseconds,
- error-code [6] Int32,
+-- error-code [6] Int32,
+ error-code [6] ERROR-CODE, -- Use k5.asn
 crealm [7] Realm OPTIONAL,
 cname [8] PrincipalName OPTIONAL,
 realm [9] Realm -- service realm --,
diff --git a/asn1/kerberos/k5.asn b/asn1/kerberos/k5.asn
index c3f35d2a42..8b6a18aa59 100644
--- a/asn1/kerberos/k5.asn
+++ b/asn1/kerberos/k5.asn
@@ -160,17 +160,89 @@ ENCTYPE ::= INTEGER {
 -- addr-types (WS extension )
 ADDR-TYPE ::= INTEGER {
- kRB5-ADDR-IPv4(2),
- kRB5-ADDR-CHAOS(5),
- kRB5-ADDR-XEROX(6),
- kRB5-ADDR-ISO(7),
- kRB5-ADDR-DECNET(12),
- kRB5-ADDR-APPLETALK(16),
- kRB5-ADDR-NETBIOS(20),
- kRB5-ADDR-IPv6(24)
+ iPv4(2),
+ cHAOS(5),
+ xEROX(6),
+ iSO(7),
+ dECNET(12),
+ aPPLETALK(16),
+ nETBIOS(20),
+ iPv6(24)
 }
-
+-- error-codes (WS extension)
+ERROR-CODE ::= INTEGER {
+--error table constants
+ eRR-NONE(0),
+ eRR-NAME-EXP(1),
+ eRR-SERVICE-EXP(2),
+ eRR-BAD-PVNO(3),
+ eRR-C-OLD-MAST-KVNO(4),
+ eRR-S-OLD-MAST-KVNO(5),
+ eRR-C-PRINCIPAL-UNKNOWN(6),
+ eRR-S-PRINCIPAL-UNKNOWN(7),
+ eRR-PRINCIPAL-NOT-UNIQUE(8),
+ eRR-NULL-KEY(9),
+ eRR-CANNOT-POSTDATE(10),
+ eRR-NEVER-VALID(11),
+ eRR-POLICY(12),
+ eRR-BADOPTION(13),
+ eRR-ETYPE-NOSUPP(14),
+ eRR-SUMTYPE-NOSUPP(15),
+ eRR-PADATA-TYPE-NOSUPP(16),
+ eRR-TRTYPE-NOSUPP(17),
+ eRR-CLIENT-REVOKED(18),
+ eRR-SERVICE-REVOKED(19),
+ eRR-TGT-REVOKED(20),
+ eRR-CLIENT-NOTYET(21),
+ eRR-SERVICE-NOTYET(22),
+ eRR-KEY-EXP(23),
+ eRR-PREAUTH-FAILED(24),
+ eRR-PREAUTH-REQUIRED(25),
+ eRR-SERVER-NOMATCH(26),
+ eRR-MUST-USE-USER2USER(27),
+ eRR-PATH-NOT-ACCEPTED(28),
+ eRR-SVC-UNAVAILABLE(29),
+ eRR-BAD-INTEGRITY(31),
+ eRR-TKT-EXPIRED(32),
+ eRR-TKT-NYV(33),
+ eRR-REPEAT(34),
+ eRR-NOT-US(35),
+ eRR-BADMATCH(36),
+ eRR-SKEW(37),
+ eRR-BADADDR(38),
+ eRR-BADVERSION(39),
+ eRR-MSG-TYPE(40),
+ eRR-MODIFIED(41),
+ eRR-BADORDER(42),
+ eRR-ILL-CR-TKT(43),
+ eRR-BADKEYVER(44),
+ eRR-NOKEY(45),
+ eRR-MUT-FAIL(46),
+ eRR-BADDIRECTION(47),
+ eRR-METHOD(48),
+ eRR-BADSEQ(49),
+ eRR-INAPP-CKSUM(50),
+ pATH-NOT-ACCEPTED(51),
+ eRR-RESPONSE-TOO-BIG(52),
+ eRR-GENERIC(60),
+ eRR-FIELD-TOOLONG(61),
+ eRROR-CLIENT-NOT-TRUSTED(62),
+ eRROR-KDC-NOT-TRUSTED(63),
+ eRROR-INVALID-SIG(64),
+ eRR-KEY-TOO-WEAK(65),
+ eRR-CERTIFICATE-MISMATCH(66),
+ eRR-NO-TGT(67),
+ eRR-WRONG-REALM(68),
+ eRR-USER-TO-USER-REQUIRED(69),
+ eRR-CANT-VERIFY-CERTIFICATE(70),
+ eRR-INVALID-CERTIFICATE(71),
+ eRR-REVOKED-CERTIFICATE(72),
+ eRR-REVOCATION-STATUS-UNKNOWN(73),
+ eRR-REVOCATION-STATUS-UNAVAILABLE(74),
+ eRR-CLIENT-NAME-MISMATCH(75),
+ eRR-KDC-NAME-MISMATCH(76)
+}
 -- this is sugar to make something ASN1 does not have: unsigned
diff --git a/asn1/kerberos/kerberos.cnf b/asn1/kerberos/kerberos.cnf
index 9b74a2d5fe..1e2377a1ff 100644
--- a/asn1/kerberos/kerberos.cnf
+++ b/asn1/kerberos/kerberos.cnf
@@ -26,6 +26,40 @@ guint32 msgtype;
 /* append the application type to the tree */
 proto_item_append_text(tree, " %%s", val_to_str(msgtype, krb5_msg_types, "Unknown:0x%%x"));
+
+#.FN_BODY ERROR-CODE VAL_PTR = &krb5_errorcode
+%(DEFAULT_BODY)s
+ if(krb5_errorcode && check_col(actx->pinfo->cinfo, COL_INFO)) {
+ col_add_fstr(actx->pinfo->cinfo, COL_INFO,
+ "KRB Error: %%s",
+ val_to_str(krb5_errorcode, krb5_error_codes,
+ "Unknown error code %%#x"));
+ }
+
+ return offset;
+#.END
+#.FN_BODY KRB-ERROR/_untag/e-data
+ switch(krb5_errorcode){
+ case KRB5_ET_KRB5KDC_ERR_BADOPTION:
+ case KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED:
+ case KRB5_ET_KRB5KDC_ERR_KEY_EXP:
+ case KRB5_ET_KRB5KDC_ERR_POLICY:
+ /* ms windows kdc sends e-data of this type containing a "salt"
+ * that contains the nt_status code for these error codes.
+ */
+ offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_kerberos_e_data, dissect_kerberos_PA_DATA);
+ break;
+ case KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED:
+ case KRB5_ET_KRB5KDC_ERR_PREAUTH_FAILED:
+ case KRB5_ET_KRB5KDC_ERR_ETYPE_NOSUPP:
+ offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_kerberos_e_data, dissect_kerberos_SEQUENCE_OF_PA_DATA);
+
+ break;
+ default:
+ offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_kerberos_e_data, NULL);
+ }
+
+
+
 #.FN_BODY Int32 VAL_PTR = actx->value_ptr
 %(DEFAULT_BODY)s
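Review bot: `pATH-NOT-ACCEPTED(51)` is the only name in the new ERROR-CODE table without the `eRR-`/`eRROR-` prefix, and it differs from `eRR-PATH-NOT-ACCEPTED(28)` only by that prefix, so the two are easy to confuse when reading the names in a capture. A trailing comment would make the distinction explicit, for example `pATH-NOT-ACCEPTED(51), -- AP-side code; eRR-PATH-NOT-ACCEPTED(28) is the KDC-side one`, assuming the numbering follows RFC 4120. The table also skips 30 and 53-59 without remark; a one-line comment stating that the gaps are intentional would save the next reader a check against the specification.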
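Review bot: The `switch(krb5_errorcode)` in the KRB-ERROR/_untag/e-data body reads a file-scope variable that only the ERROR-CODE body writes, and nothing in this hunk clears it between messages. If the error-code field of a KRB-ERROR is missing or fails to decode, the e-data could be decoded according to the code left behind by an earlier message. Both fields come from the capture, so I would reset the variable where KRB-ERROR dissection starts (outside this hunk), or at least record the dependency above the switch with `/* krb5_errorcode was set by the ERROR-CODE body for this same KRB-ERROR */`. The second case group also lacks a comment; `/* e-data is a SEQUENCE OF PA-DATA for these codes */` would match the one on the first group.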
@@ -83,6 +117,58 @@ proto_tree *sub_tree=tree;
 }
 /*qqq*/
+#.FN_BODY ADDR-TYPE VAL_PTR = &addr_type
+%(DEFAULT_BODY)s
+
+#.FN_BODY HostAddress/address
+ gint8 class;
+ gboolean pc;
+ gint32 tag;
+ guint32 len;
+ char *address_str;
+ proto_item *it=NULL;
+
+ /* read header and len for the octet string */
+ offset=dissect_ber_identifier(actx->pinfo, tree, tvb, offset, &class, &pc, &tag);
+ offset=dissect_ber_length(actx->pinfo, tree, tvb, offset, &len, NULL);
+
+ address_str=ep_alloc(256);
+ address_str[0]=0;
+ address_str[255]=0;
+ switch(addr_type){
+ case KRB5_ADDR_IPv4:
+ it=proto_tree_add_item(tree, hf_krb_address_ip, tvb, offset, 4, FALSE);
+ g_snprintf(address_str,256,"%d.%d.%d.%d",tvb_get_guint8(tvb, offset),tvb_get_guint8(tvb, offset+1),tvb_get_guint8(tvb, offset+2),tvb_get_guint8(tvb, offset+3));
+ break;
+ case KRB5_ADDR_NETBIOS:
+ {
+ char netbios_name[(NETBIOS_NAME_LEN - 1)*4 + 1];
+ int netbios_name_type;
+ int netbios_name_len = (NETBIOS_NAME_LEN - 1)*4 + 1;
+
+ netbios_name_type = process_netbios_name(tvb_get_ptr(tvb, offset, 16), netbios_name, netbios_name_len);
+ g_snprintf(address_str, 255, "%s<%02x>", netbios_name, netbios_name_type);
+ it=proto_tree_add_string_format(tree, hf_krb_address_netbios, tvb, offset, 16, netbios_name, "NetBIOS Name: %s (%s)", address_str, netbios_name_type_descr(netbios_name_type));
+ }
+ break;
+ case KRB5_ADDR_IPv6:
+ it=proto_tree_add_item(tree, hf_krb_address_ipv6, tvb, offset, INET6_ADDRLEN, FALSE);
+ g_snprintf(address_str, 256, "%s", ip6_to_str((const struct e_in6_addr *)tvb_get_ptr(tvb, offset, INET6_ADDRLEN)));
+ break;
+ default:
+ proto_tree_add_text(tree, tvb, offset, len, "KRB Address: I dont know how to parse this type of address yet");
+
+ }
+
+ /* push it up two levels in the decode pane */
+ if(it){
+ proto_item_append_text(proto_item_get_parent(it), " %s",address_str);
+ proto_item_append_text(proto_item_get_parent_nth(it, 2), " %s",address_str);
+ }
+
+ offset+=len;
+ return offset;
+
 #.TYPE_ATTR
 #xxx TYPE = FT_UINT16 DISPLAY = BASE_DEC STRINGS = VALS(xx_vals)
diff --git a/asn1/kerberos/packet-kerberos-template.c b/asn1/kerberos/packet-kerberos-template.c
index 8344952fc2..3eb3438fce 100644
--- a/asn1/kerberos/packet-kerberos-template.c
+++ b/asn1/kerberos/packet-kerberos-template.c
@@ -113,6 +113,9 @@ static dissector_handle_t kerberos_handle_udp=NULL;
 static guint32 authenticator_etype;
 static guint32 keytype;
 guint32 krb_PA_DATA_type;
+static guint32 addr_type;
+guint32 krb5_errorcode;
+
 static gboolean do_col_info;
 /* Forward declarations */
@@ -134,6 +137,9 @@ static gint hf_krb_rm_reclen = -1;
 static gint hf_krb_provsrv_location = -1;
 static gint hf_krb_smb_nt_status = -1;
 static gint hf_krb_smb_unknown = -1;
+static gint hf_krb_address_ip = -1;
+static gint hf_krb_address_netbios = -1;
+static gint hf_krb_address_ipv6 = -1;
 #include "packet-kerberos-hf.c"
 /* Initialize the subtree pointers */
@@ -1539,6 +1545,15 @@ void proto_register_kerberos(void) {
 { &hf_krb_smb_unknown, {
 "Unknown", "kerberos.smb.unknown", FT_UINT32, BASE_HEX,
 NULL, 0, "unknown", HFILL }},
+ { &hf_krb_address_ip, {
+ "IP Address", "kerberos.addr_ip", FT_IPv4, BASE_NONE,
+ NULL, 0, "IP Address", HFILL }},
+ { &hf_krb_address_ipv6, {
+ "IPv6 Address", "kerberos.addr_ipv6", FT_IPv6, BASE_NONE,
+ NULL, 0, "IPv6 Address", HFILL }},
+ { &hf_krb_address_netbios, {
+ "NetBIOS Address", "kerberos.addr_nb", FT_STRING, BASE_NONE,
+ NULL, 0, "NetBIOS Address and type", HFILL }},
 #include "packet-kerberos-hfarr.c"
 };
-- 
cgit v1.2.3
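Review bot: The `len` returned by `dissect_ber_length` in the HostAddress/address body is never compared with the size each case reads: the IPv4 case reads 4 bytes, the NetBIOS case 16 and the IPv6 case `INET6_ADDRLEN`, whatever the octet string actually holds. The tvb accessors should still keep the reads inside the captured buffer, but a short or oversized address from the wire is then displayed as a valid one, built partly from bytes of the following fields. I would check `len` in each case and add a malformed-address item instead, as sketched below. Separately, `g_snprintf(address_str, 255, ...)` in the NetBIOS case should pass 256 like the other two calls.

```c
	switch(addr_type){
	case KRB5_ADDR_IPv4:
		if(len!=4){
			proto_tree_add_text(tree, tvb, offset, len, "KRB Address: bad IPv4 address length %u", len);
			break;
		}
		/* … unchanged: add hf_krb_address_ip and format address_str … */
		break;
	case KRB5_ADDR_NETBIOS:
		if(len!=16){
			proto_tree_add_text(tree, tvb, offset, len, "KRB Address: bad NetBIOS address length %u", len);
			break;
		}
		/* … unchanged: decode the NetBIOS name and add hf_krb_address_netbios … */
		break;
	case KRB5_ADDR_IPv6:
		if(len!=INET6_ADDRLEN){
			proto_tree_add_text(tree, tvb, offset, len, "KRB Address: bad IPv6 address length %u", len);
			break;
		}
		/* … unchanged: add hf_krb_address_ipv6 and format address_str … */
		break;
	/* … unchanged: default case … */
	}
```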
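Review bot: `guint32 krb5_errorcode;` in the first hunk of packet-kerberos-template.c is declared without `static`, unlike `addr_type` on the line above it, so it becomes an exported global that code outside this dissector could read or overwrite. As far as this patch shows, it is only used by the generated bodies from kerberos.cnf, so `static guint32 krb5_errorcode;` should be enough, assuming those bodies are compiled into this file. A comment such as `/* error-code of the KRB-ERROR being dissected; selects the e-data decoder */` would record why it lives at file scope. The neighbouring `krb_PA_DATA_type` has the same linkage, but it is context rather than part of this change.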