diff options
author | Stefan Metzmacher <metze@samba.org> | 2015-02-28 10:31:40 +0100 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2020-03-18 18:29:46 +0000 |
commit | 95d0ab1e01da82804be73d6ce390ccbe3b426bcc (patch) | |
tree | bd8bf52e01d12b7a801a1671200640ce790d43dd | |
parent | 5e1aa48d567337a262aa83095414ccb64ca435c0 (diff) |
packet-kerberos: we only need PA-PAC-REQUEST once
Change-Id: I6c3d3810456d30877802fbd5d8d8ee64df2417f7
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-on: https://code.wireshark.org/review/36465
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
-rw-r--r-- | epan/dissectors/asn1/kerberos/k5.asn | 11 | ||||
-rw-r--r-- | epan/dissectors/asn1/kerberos/kerberos.cnf | 3 | ||||
-rw-r--r-- | epan/dissectors/asn1/kerberos/packet-kerberos-template.c | 2 | ||||
-rw-r--r-- | epan/dissectors/packet-kerberos.c | 126 |
4 files changed, 68 insertions, 74 deletions
diff --git a/epan/dissectors/asn1/kerberos/k5.asn b/epan/dissectors/asn1/kerberos/k5.asn index 1d5329935f..ff0190d7a6 100644 --- a/epan/dissectors/asn1/kerberos/k5.asn +++ b/epan/dissectors/asn1/kerberos/k5.asn @@ -548,7 +548,10 @@ LR-TYPE ::= INTEGER { -- pausec[1] Krb5int32 OPTIONAL --} +-- WS put extensions found elsewhere here -- draft-brezak-win2k-krb-authz-01 +-- MS-KILE: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-kile +-- MS-SFU: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-sfu PA-PAC-REQUEST ::= SEQUENCE { include-pac[0] BOOLEAN -- Indicates whether a PAC -- should be included or not @@ -842,14 +845,6 @@ PA-ServerReferralData ::= SEQUENCE { referral-valid-until [3] KerberosTime OPTIONAL, ... } --- WS put extensions found elsewhere here --- MS-KILE: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-kile --- MS-SFU: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-sfu - -KERB-PA-PAC-REQUEST ::= SEQUENCE { -include-pac[0] BOOLEAN --If TRUE, and no pac present, include PAC. - --If FALSE, and PAC present, remove PAC -} PAC-OPTIONS-FLAGS ::= BIT STRING { claims(0), diff --git a/epan/dissectors/asn1/kerberos/kerberos.cnf b/epan/dissectors/asn1/kerberos/kerberos.cnf index ac60848450..624a7ee840 100644 --- a/epan/dissectors/asn1/kerberos/kerberos.cnf +++ b/epan/dissectors/asn1/kerberos/kerberos.cnf @@ -39,7 +39,6 @@ Krb5uint32 PA-ClientCanonicalized PA-ClientCanonicalizedNames PA-ENC-SAM-RESPONSE-ENC -PA-PAC-REQUEST PA-SAM-CHALLENGE-2 PA-SAM-CHALLENGE-2-BODY PA-SAM-REDIRECT @@ -169,7 +168,7 @@ AUTHDATA-TYPE PROT_PREFIX UPPER_CASE offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PaPkAsRep); break; case KERBEROS_PA_PAC_REQUEST: - offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_KERB_PA_PAC_REQUEST); + offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_PAC_REQUEST); break; case KERBEROS_PA_FOR_USER: /* S4U2SELF */ offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_S4U2Self); diff --git a/epan/dissectors/asn1/kerberos/packet-kerberos-template.c b/epan/dissectors/asn1/kerberos/packet-kerberos-template.c index 236bc0501f..fa8f557deb 100644 --- a/epan/dissectors/asn1/kerberos/packet-kerberos-template.c +++ b/epan/dissectors/asn1/kerberos/packet-kerberos-template.c @@ -107,7 +107,7 @@ static dissector_handle_t kerberos_handle_udp; static int dissect_kerberos_Applications(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); static int dissect_kerberos_PA_ENC_TIMESTAMP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); static int dissect_kerberos_PA_ENC_TS_ENC(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); -static int dissect_kerberos_KERB_PA_PAC_REQUEST(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); +static int dissect_kerberos_PA_PAC_REQUEST(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); static int dissect_kerberos_PA_S4U2Self(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); static int dissect_kerberos_PA_S4U_X509_USER(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); static int dissect_kerberos_ETYPE_INFO(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); diff --git a/epan/dissectors/packet-kerberos.c b/epan/dissectors/packet-kerberos.c index 32715008a0..a6db91630f 100644 --- a/epan/dissectors/packet-kerberos.c +++ b/epan/dissectors/packet-kerberos.c @@ -115,7 +115,7 @@ static dissector_handle_t kerberos_handle_udp; static int dissect_kerberos_Applications(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); static int dissect_kerberos_PA_ENC_TIMESTAMP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); static int dissect_kerberos_PA_ENC_TS_ENC(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); -static int dissect_kerberos_KERB_PA_PAC_REQUEST(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); +static int dissect_kerberos_PA_PAC_REQUEST(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); static int dissect_kerberos_PA_S4U2Self(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); static int dissect_kerberos_PA_S4U_X509_USER(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); static int dissect_kerberos_ETYPE_INFO(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); @@ -328,6 +328,7 @@ static int hf_kerberos_ETYPE_INFO_item = -1; /* ETYPE_INFO_ENTRY */ static int hf_kerberos_salt_01 = -1; /* KerberosString */ static int hf_kerberos_s2kparams = -1; /* OCTET_STRING */ static int hf_kerberos_ETYPE_INFO2_item = -1; /* ETYPE_INFO2_ENTRY */ +static int hf_kerberos_include_pac = -1; /* BOOLEAN */ static int hf_kerberos_name = -1; /* PrincipalName */ static int hf_kerberos_auth = -1; /* GeneralString */ static int hf_kerberos_user_id = -1; /* S4UUserID */ @@ -335,7 +336,6 @@ static int hf_kerberos_checksum_01 = -1; /* Checksum */ static int hf_kerberos_cname_01 = -1; /* PrincipalName */ static int hf_kerberos_subject_certificate = -1; /* T_subject_certificate */ static int hf_kerberos_options = -1; /* BIT_STRING */ -static int hf_kerberos_include_pac = -1; /* BOOLEAN */ static int hf_kerberos_flags_01 = -1; /* PAC_OPTIONS_FLAGS */ static int hf_kerberos_restriction_type = -1; /* Int32 */ static int hf_kerberos_restriction = -1; /* OCTET_STRING */ @@ -489,10 +489,10 @@ static gint ett_kerberos_ETYPE_INFO2 = -1; static gint ett_kerberos_APOptions = -1; static gint ett_kerberos_TicketFlags = -1; static gint ett_kerberos_KDCOptions = -1; +static gint ett_kerberos_PA_PAC_REQUEST = -1; static gint ett_kerberos_PA_S4U2Self = -1; static gint ett_kerberos_PA_S4U_X509_USER = -1; static gint ett_kerberos_S4UUserID = -1; -static gint ett_kerberos_KERB_PA_PAC_REQUEST = -1; static gint ett_kerberos_PAC_OPTIONS_FLAGS = -1; static gint ett_kerberos_PA_PAC_OPTIONS = -1; static gint ett_kerberos_KERB_AD_RESTRICTION_ENTRY_U = -1; @@ -2884,7 +2884,7 @@ static const value_string kerberos_ENCTYPE_vals[] = { static int dissect_kerberos_ENCTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 276 "./asn1/kerberos/kerberos.cnf" +#line 275 "./asn1/kerberos/kerberos.cnf" kerberos_private_data_t *private_data = kerberos_get_private_data(actx); offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, &(private_data->etype)); @@ -2909,7 +2909,7 @@ dissect_kerberos_UInt32(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset static int dissect_kerberos_T_encryptedTicketData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 280 "./asn1/kerberos/kerberos.cnf" +#line 279 "./asn1/kerberos/kerberos.cnf" #ifdef HAVE_KERBEROS offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_ticket_data); #else @@ -3037,7 +3037,7 @@ static const value_string kerberos_CKSUMTYPE_vals[] = { static int dissect_kerberos_CKSUMTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 337 "./asn1/kerberos/kerberos.cnf" +#line 336 "./asn1/kerberos/kerberos.cnf" kerberos_private_data_t *private_data = kerberos_get_private_data(actx); offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, &(private_data->checksum_type)); @@ -3052,7 +3052,7 @@ dissect_kerberos_CKSUMTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int off static int dissect_kerberos_T_checksum(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 341 "./asn1/kerberos/kerberos.cnf" +#line 340 "./asn1/kerberos/kerberos.cnf" tvbuff_t *next_tvb; kerberos_private_data_t *private_data = kerberos_get_private_data(actx); @@ -3119,7 +3119,7 @@ dissect_kerberos_Int32(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset static int dissect_kerberos_T_keytype(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 355 "./asn1/kerberos/kerberos.cnf" +#line 354 "./asn1/kerberos/kerberos.cnf" kerberos_private_data_t *private_data = kerberos_get_private_data(actx); offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, @@ -3135,7 +3135,7 @@ dissect_kerberos_T_keytype(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int off static int dissect_kerberos_T_keyvalue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 362 "./asn1/kerberos/kerberos.cnf" +#line 361 "./asn1/kerberos/kerberos.cnf" tvbuff_t *out_tvb; kerberos_private_data_t *private_data = kerberos_get_private_data(actx); @@ -3160,7 +3160,7 @@ static const ber_sequence_t EncryptionKey_sequence[] = { static int dissect_kerberos_EncryptionKey(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 371 "./asn1/kerberos/kerberos.cnf" +#line 370 "./asn1/kerberos/kerberos.cnf" kerberos_private_data_t *private_data = kerberos_get_private_data(actx); offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, @@ -3209,7 +3209,7 @@ static const value_string kerberos_AUTHDATA_TYPE_vals[] = { static int dissect_kerberos_AUTHDATA_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 382 "./asn1/kerberos/kerberos.cnf" +#line 381 "./asn1/kerberos/kerberos.cnf" kerberos_private_data_t *private_data = kerberos_get_private_data(actx); offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, &(private_data->ad_type)); @@ -3224,7 +3224,7 @@ dissect_kerberos_AUTHDATA_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int static int dissect_kerberos_T_ad_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 386 "./asn1/kerberos/kerberos.cnf" +#line 385 "./asn1/kerberos/kerberos.cnf" kerberos_private_data_t *private_data = kerberos_get_private_data(actx); switch(private_data->ad_type){ @@ -3387,7 +3387,7 @@ static const value_string kerberos_ADDR_TYPE_vals[] = { static int dissect_kerberos_ADDR_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 415 "./asn1/kerberos/kerberos.cnf" +#line 414 "./asn1/kerberos/kerberos.cnf" kerberos_private_data_t *private_data = kerberos_get_private_data(actx); offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, &(private_data->addr_type)); @@ -3402,7 +3402,7 @@ dissect_kerberos_ADDR_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int off static int dissect_kerberos_T_address(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 225 "./asn1/kerberos/kerberos.cnf" +#line 224 "./asn1/kerberos/kerberos.cnf" gint8 appclass; gboolean pc; gint32 tag; @@ -3535,7 +3535,7 @@ static const value_string kerberos_MESSAGE_TYPE_vals[] = { static int dissect_kerberos_MESSAGE_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 75 "./asn1/kerberos/kerberos.cnf" +#line 74 "./asn1/kerberos/kerberos.cnf" kerberos_private_data_t *private_data = kerberos_get_private_data(actx); guint32 msgtype; @@ -3545,7 +3545,7 @@ dissect_kerberos_MESSAGE_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int -#line 81 "./asn1/kerberos/kerberos.cnf" +#line 80 "./asn1/kerberos/kerberos.cnf" if (gbl_do_col_info) { col_add_str(actx->pinfo->cinfo, COL_INFO, val_to_str(msgtype, krb5_msg_types, @@ -3636,14 +3636,14 @@ static const value_string kerberos_PADATA_TYPE_vals[] = { static int dissect_kerberos_PADATA_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 136 "./asn1/kerberos/kerberos.cnf" +#line 135 "./asn1/kerberos/kerberos.cnf" kerberos_private_data_t* private_data = kerberos_get_private_data(actx); offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, &(private_data->padata_type)); -#line 139 "./asn1/kerberos/kerberos.cnf" +#line 138 "./asn1/kerberos/kerberos.cnf" if(tree){ proto_item_append_text(tree, " %s", val_to_str(private_data->padata_type, kerberos_PADATA_TYPE_vals, @@ -3658,7 +3658,7 @@ dissect_kerberos_PADATA_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int o static int dissect_kerberos_T_padata_value(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 146 "./asn1/kerberos/kerberos.cnf" +#line 145 "./asn1/kerberos/kerberos.cnf" proto_tree *sub_tree=tree; kerberos_private_data_t* private_data = kerberos_get_private_data(actx); @@ -3685,7 +3685,7 @@ dissect_kerberos_T_padata_value(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, in offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_pkinit_PaPkAsRep); break; case KERBEROS_PA_PAC_REQUEST: - offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_KERB_PA_PAC_REQUEST); + offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_PAC_REQUEST); break; case KERBEROS_PA_FOR_USER: /* S4U2SELF */ offset=dissect_ber_octet_string_wcb(FALSE, actx, sub_tree, tvb, offset,hf_index, dissect_kerberos_PA_S4U2Self); @@ -3833,7 +3833,7 @@ dissect_kerberos_SEQUENCE_OF_ENCTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U static int dissect_kerberos_T_encryptedAuthorizationData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 288 "./asn1/kerberos/kerberos.cnf" +#line 287 "./asn1/kerberos/kerberos.cnf" #ifdef HAVE_KERBEROS offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_authenticator_data); #else @@ -3896,7 +3896,7 @@ static const ber_sequence_t KDC_REQ_BODY_sequence[] = { static int dissect_kerberos_KDC_REQ_BODY(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 419 "./asn1/kerberos/kerberos.cnf" +#line 418 "./asn1/kerberos/kerberos.cnf" conversation_t *conversation; /* @@ -3957,7 +3957,7 @@ dissect_kerberos_AS_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset static int dissect_kerberos_T_encryptedKDCREPData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 296 "./asn1/kerberos/kerberos.cnf" +#line 295 "./asn1/kerberos/kerberos.cnf" #ifdef HAVE_KERBEROS offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KDC_REP_data); #else @@ -4087,7 +4087,7 @@ dissect_kerberos_AP_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset static int dissect_kerberos_T_encryptedAPREPData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 312 "./asn1/kerberos/kerberos.cnf" +#line 311 "./asn1/kerberos/kerberos.cnf" #ifdef HAVE_KERBEROS offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_AP_REP_data); #else @@ -4148,7 +4148,7 @@ dissect_kerberos_AP_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset static int dissect_kerberos_T_kRB_SAFE_BODY_user_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 442 "./asn1/kerberos/kerberos.cnf" +#line 441 "./asn1/kerberos/kerberos.cnf" kerberos_private_data_t* private_data = kerberos_get_private_data(actx); tvbuff_t *new_tvb; offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb); @@ -4211,7 +4211,7 @@ dissect_kerberos_KRB_SAFE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offs static int dissect_kerberos_T_encryptedKrbPrivData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 320 "./asn1/kerberos/kerberos.cnf" +#line 319 "./asn1/kerberos/kerberos.cnf" #ifdef HAVE_KERBEROS offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PRIV_data); #else @@ -4272,7 +4272,7 @@ dissect_kerberos_KRB_PRIV(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offs static int dissect_kerberos_T_encryptedKrbCredData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 328 "./asn1/kerberos/kerberos.cnf" +#line 327 "./asn1/kerberos/kerberos.cnf" #ifdef HAVE_KERBEROS offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_CRED_data); #else @@ -4398,14 +4398,14 @@ dissect_kerberos_METHOD_DATA(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int o static int dissect_kerberos_T_encrypted_pa_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 458 "./asn1/kerberos/kerberos.cnf" +#line 457 "./asn1/kerberos/kerberos.cnf" kerberos_private_data_t* private_data = kerberos_get_private_data(actx); private_data->is_enc_padata = TRUE; offset = dissect_kerberos_METHOD_DATA(implicit_tag, tvb, offset, actx, tree, hf_index); -#line 462 "./asn1/kerberos/kerberos.cnf" +#line 461 "./asn1/kerberos/kerberos.cnf" private_data->is_enc_padata = FALSE; @@ -4489,7 +4489,7 @@ dissect_kerberos_EncAPRepPart(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int static int dissect_kerberos_T_encKrbPrivPart_user_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 450 "./asn1/kerberos/kerberos.cnf" +#line 449 "./asn1/kerberos/kerberos.cnf" kerberos_private_data_t* private_data = kerberos_get_private_data(actx); tvbuff_t *new_tvb; offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb); @@ -4702,7 +4702,7 @@ static const value_string kerberos_ERROR_CODE_vals[] = { static int dissect_kerberos_ERROR_CODE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 97 "./asn1/kerberos/kerberos.cnf" +#line 96 "./asn1/kerberos/kerberos.cnf" kerberos_private_data_t *private_data = kerberos_get_private_data(actx); offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, &private_data->errorcode); @@ -4710,7 +4710,7 @@ dissect_kerberos_ERROR_CODE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int of -#line 101 "./asn1/kerberos/kerberos.cnf" +#line 100 "./asn1/kerberos/kerberos.cnf" if (private_data->errorcode) { col_add_fstr(actx->pinfo->cinfo, COL_INFO, "KRB Error: %s", @@ -4727,7 +4727,7 @@ dissect_kerberos_ERROR_CODE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int of static int dissect_kerberos_T_e_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 111 "./asn1/kerberos/kerberos.cnf" +#line 110 "./asn1/kerberos/kerberos.cnf" kerberos_private_data_t *private_data = kerberos_get_private_data(actx); switch (private_data->errorcode) { @@ -4846,7 +4846,7 @@ dissect_kerberos_EncryptedData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int static int dissect_kerberos_T_pA_ENC_TIMESTAMP_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 304 "./asn1/kerberos/kerberos.cnf" +#line 303 "./asn1/kerberos/kerberos.cnf" #ifdef HAVE_KERBEROS offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PA_ENC_TIMESTAMP); #else @@ -4961,6 +4961,29 @@ dissect_kerberos_AD_IF_RELEVANT(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, in static int +dissect_kerberos_BOOLEAN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, NULL); + + return offset; +} + + +static const ber_sequence_t PA_PAC_REQUEST_sequence[] = { + { &hf_kerberos_include_pac, BER_CLASS_CON, 0, 0, dissect_kerberos_BOOLEAN }, + { NULL, 0, 0, 0, NULL } +}; + +static int +dissect_kerberos_PA_PAC_REQUEST(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { + offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, + PA_PAC_REQUEST_sequence, hf_index, ett_kerberos_PA_PAC_REQUEST); + + return offset; +} + + + +static int dissect_kerberos_GeneralString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_GeneralString, actx, tree, tvb, offset, hf_index, @@ -4990,7 +5013,7 @@ dissect_kerberos_PA_S4U2Self(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int o static int dissect_kerberos_T_subject_certificate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 412 "./asn1/kerberos/kerberos.cnf" +#line 411 "./asn1/kerberos/kerberos.cnf" offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset,hf_index, dissect_x509af_Certificate); @@ -5043,29 +5066,6 @@ dissect_kerberos_PA_S4U_X509_USER(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, } - -static int -dissect_kerberos_BOOLEAN(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { - offset = dissect_ber_boolean(implicit_tag, actx, tree, tvb, offset, hf_index, NULL); - - return offset; -} - - -static const ber_sequence_t KERB_PA_PAC_REQUEST_sequence[] = { - { &hf_kerberos_include_pac, BER_CLASS_CON, 0, 0, dissect_kerberos_BOOLEAN }, - { NULL, 0, 0, 0, NULL } -}; - -static int -dissect_kerberos_KERB_PA_PAC_REQUEST(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { - offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, - KERB_PA_PAC_REQUEST_sequence, hf_index, ett_kerberos_KERB_PA_PAC_REQUEST); - - return offset; -} - - static const int * PAC_OPTIONS_FLAGS_bits[] = { &hf_kerberos_PAC_OPTIONS_FLAGS_claims, &hf_kerberos_PAC_OPTIONS_FLAGS_branch_aware, @@ -6198,6 +6198,10 @@ void proto_register_kerberos(void) { { "ETYPE-INFO2-ENTRY", "kerberos.ETYPE_INFO2_ENTRY_element", FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_kerberos_include_pac, + { "include-pac", "kerberos.include_pac", + FT_BOOLEAN, BASE_NONE, NULL, 0, + "BOOLEAN", HFILL }}, { &hf_kerberos_name, { "name", "kerberos.name_element", FT_NONE, BASE_NONE, NULL, 0, @@ -6226,10 +6230,6 @@ void proto_register_kerberos(void) { { "options", "kerberos.options", FT_BYTES, BASE_NONE, NULL, 0, "BIT_STRING", HFILL }}, - { &hf_kerberos_include_pac, - { "include-pac", "kerberos.include_pac", - FT_BOOLEAN, BASE_NONE, NULL, 0, - "BOOLEAN", HFILL }}, { &hf_kerberos_flags_01, { "flags", "kerberos.flags", FT_BYTES, BASE_NONE, NULL, 0, @@ -6606,10 +6606,10 @@ void proto_register_kerberos(void) { &ett_kerberos_APOptions, &ett_kerberos_TicketFlags, &ett_kerberos_KDCOptions, + &ett_kerberos_PA_PAC_REQUEST, &ett_kerberos_PA_S4U2Self, &ett_kerberos_PA_S4U_X509_USER, &ett_kerberos_S4UUserID, - &ett_kerberos_KERB_PA_PAC_REQUEST, &ett_kerberos_PAC_OPTIONS_FLAGS, &ett_kerberos_PA_PAC_OPTIONS, &ett_kerberos_KERB_AD_RESTRICTION_ENTRY_U, |