diff options
author | Pascal Quantin <pascal.quantin@gmail.com> | 2014-12-14 17:03:08 +0100 |
---|---|---|
committer | Pascal Quantin <pascal.quantin@gmail.com> | 2014-12-14 18:43:38 +0000 |
commit | 16f38e9ab27a076418e88fe38edd9b8bcf6a1345 (patch) | |
tree | 19ab39feeb1900471057de56788c8d8be40d8b28 /asn1 | |
parent | e9f96832bdd9eed82dd767159fae08bf725a786c (diff) |
Kerberos: import KRB5_AD_WIN2K_PAC dissection from old non ASN.1 based dissector
Bug: 10539
Change-Id: I06d1179210bdcc63800ef9580bb274c714a77c6e
Reviewed-on: https://code.wireshark.org/review/5761
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Diffstat (limited to 'asn1')
-rw-r--r-- | asn1/kerberos/kerberos.cnf | 5 | ||||
-rw-r--r-- | asn1/kerberos/packet-kerberos-template.c | 455 |
2 files changed, 455 insertions, 5 deletions
diff --git a/asn1/kerberos/kerberos.cnf b/asn1/kerberos/kerberos.cnf index edafd6032b..e9abbc5603 100644 --- a/asn1/kerberos/kerberos.cnf +++ b/asn1/kerberos/kerberos.cnf @@ -329,11 +329,16 @@ guint32 msgtype; kerberos_private_data_t *private_data = kerberos_get_private_data(actx); offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, &(private_data->ad_type)); +#.TYPE_ATTR +AuthorizationData/_item/ad-type STRINGS=VALS(krb5_ad_types) #.FN_BODY AuthorizationData/_item/ad-data kerberos_private_data_t *private_data = kerberos_get_private_data(actx); switch(private_data->ad_type){ + case KRB5_AD_WIN2K_PAC: + offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_krb5_AD_WIN2K_PAC); + break; case KRB5_AD_IF_RELEVANT: offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_IF_RELEVANT); break; diff --git a/asn1/kerberos/packet-kerberos-template.c b/asn1/kerberos/packet-kerberos-template.c index cf8c93c7d5..6e8fbc0f0d 100644 --- a/asn1/kerberos/packet-kerberos-template.c +++ b/asn1/kerberos/packet-kerberos-template.c @@ -143,12 +143,48 @@ static gint hf_krb_gssapi_c_flag_sequence = -1; static gint hf_krb_gssapi_c_flag_conf = -1; static gint hf_krb_gssapi_c_flag_integ = -1; static gint hf_krb_gssapi_c_flag_dce_style = -1; +static gint hf_krb_midl_version = -1; +static gint hf_krb_midl_hdr_len = -1; +static gint hf_krb_midl_fill_bytes = -1; +static gint hf_krb_midl_blob_len = -1; +static gint hf_krb_pac_signature_type = -1; +static gint hf_krb_pac_signature_signature = -1; +static gint hf_krb_w2k_pac_entries = -1; +static gint hf_krb_w2k_pac_version = -1; +static gint hf_krb_w2k_pac_type = -1; +static gint hf_krb_w2k_pac_size = -1; +static gint hf_krb_w2k_pac_offset = -1; +static gint hf_krb_pac_clientid = -1; +static gint hf_krb_pac_namelen = -1; +static gint hf_krb_pac_clientname = -1; +static gint hf_krb_pac_logon_info = -1; +static gint hf_krb_pac_credential_type = -1; +static gint hf_krb_pac_s4u_delegation_info = -1; +static gint hf_krb_pac_upn_dns_info = -1; +static gint hf_krb_pac_upn_flags = -1; +static gint hf_krb_pac_upn_dns_offset = -1; +static gint hf_krb_pac_upn_dns_len = -1; +static gint hf_krb_pac_upn_upn_offset = -1; +static gint hf_krb_pac_upn_upn_len = -1; +static gint hf_krb_pac_upn_upn_name = -1; +static gint hf_krb_pac_upn_dns_name = -1; +static gint hf_krb_pac_server_checksum = -1; +static gint hf_krb_pac_privsvr_checksum = -1; +static gint hf_krb_pac_client_info_type = -1; #include "packet-kerberos-hf.c" /* Initialize the subtree pointers */ static gint ett_kerberos = -1; static gint ett_krb_recordmark = -1; - +static gint ett_krb_pac = -1; +static gint ett_krb_pac_drep = -1; +static gint ett_krb_pac_midl_blob = -1; +static gint ett_krb_pac_logon_info = -1; +static gint ett_krb_pac_s4u_delegation_info = -1; +static gint ett_krb_pac_upn_dns_info = -1; +static gint ett_krb_pac_server_checksum = -1; +static gint ett_krb_pac_privsvr_checksum = -1; +static gint ett_krb_pac_client_info_type = -1; #include "packet-kerberos-ett.c" static expert_field ei_kerberos_decrypted_keytype = EI_INIT; @@ -1073,7 +1109,6 @@ static const value_string krb5_error_codes[] = { }; -#if 0 #define PAC_LOGON_INFO 1 #define PAC_CREDENTIAL_TYPE 2 #define PAC_SERVER_CHECKSUM 6 @@ -1092,7 +1127,7 @@ static const value_string w2k_pac_types[] = { { 0, NULL }, }; - +#if 0 static const value_string krb5_princ_types[] = { { KRB5_NT_UNKNOWN , "Unknown" }, { KRB5_NT_PRINCIPAL , "Principal" }, @@ -1229,7 +1264,7 @@ static const value_string krb5_checksum_types[] = { #define KRB5_AD_OSF_DCE_PKI_CERTID 66 #define KRB5_AD_WIN2K_PAC 128 #define KRB5_AD_SIGNTICKET 0xffffffef -#if 0 + static const value_string krb5_ad_types[] = { { KRB5_AD_IF_RELEVANT , "AD-IF-RELEVANT" }, { KRB5_AD_INTENDED_FOR_SERVER , "AD-Intended-For-Server" }, @@ -1246,7 +1281,7 @@ static const value_string krb5_ad_types[] = { { KRB5_AD_SIGNTICKET , "AD-SignTicket" }, { 0 , NULL }, }; - +#if 0 static const value_string krb5_transited_types[] = { { 1 , "DOMAIN-X500-COMPRESS" }, { 0 , NULL } @@ -1651,6 +1686,323 @@ dissect_krb5_PW_SALT(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U return offset; } +static int +dissect_krb5_PAC_DREP(proto_tree *parent_tree, tvbuff_t *tvb, int offset, guint8 *drep) +{ + proto_tree *tree; + guint8 val; + + tree = proto_tree_add_subtree(parent_tree, tvb, offset, 16, ett_krb_pac_drep, NULL, "DREP"); + + val = tvb_get_guint8(tvb, offset); + proto_tree_add_uint(tree, hf_dcerpc_drep_byteorder, tvb, offset, 1, val>>4); + + offset++; + + if (drep) { + *drep = val; + } + + return offset; +} + +/* This might be some sort of header that MIDL generates when creating + * marshalling/unmarshalling code for blobs that are not to be transported + * ontop of DCERPC and where the DREP fields specifying things such as + * endianess and similar are not available. + */ +static int +dissect_krb5_PAC_NDRHEADERBLOB(proto_tree *parent_tree, tvbuff_t *tvb, int offset, guint8 *drep, asn1_ctx_t *actx _U_) +{ + proto_tree *tree; + + tree = proto_tree_add_subtree(parent_tree, tvb, offset, 16, ett_krb_pac_midl_blob, NULL, "MES header"); + + /* modified DREP field that is used for stuff that is transporetd ontop + of non dcerpc + */ + proto_tree_add_item(tree, hf_krb_midl_version, tvb, offset, 1, ENC_LITTLE_ENDIAN); + offset++; + + offset = dissect_krb5_PAC_DREP(tree, tvb, offset, drep); + + + proto_tree_add_item(tree, hf_krb_midl_hdr_len, tvb, offset, 2, ENC_LITTLE_ENDIAN); + offset+=2; + + proto_tree_add_item(tree, hf_krb_midl_fill_bytes, tvb, offset, 4, ENC_LITTLE_ENDIAN); + offset += 4; + + /* length of blob that follows */ + proto_tree_add_item(tree, hf_krb_midl_blob_len, tvb, offset, 8, ENC_LITTLE_ENDIAN); + offset += 8; + + return offset; +} + +static int +dissect_krb5_PAC_LOGON_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) +{ + proto_item *item; + proto_tree *tree; + guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */ + static dcerpc_info di; /* fake dcerpc_info struct */ + static dcerpc_call_value call_data; + + item = proto_tree_add_item(parent_tree, hf_krb_pac_logon_info, tvb, offset, -1, ENC_NA); + tree = proto_item_add_subtree(item, ett_krb_pac_logon_info); + + /* skip the first 16 bytes, they are some magic created by the idl + * compiler the first 4 bytes might be flags? + */ + offset = dissect_krb5_PAC_NDRHEADERBLOB(tree, tvb, offset, &drep[0], actx); + + /* the PAC_LOGON_INFO blob */ + /* fake whatever state the dcerpc runtime support needs */ + di.conformant_run=0; + /* we need di->call_data->flags.NDR64 == 0 */ + di.call_data=&call_data; + init_ndr_pointer_list(&di); + offset = dissect_ndr_pointer(tvb, offset, actx->pinfo, tree, &di, drep, + netlogon_dissect_PAC_LOGON_INFO, NDR_POINTER_UNIQUE, + "PAC_LOGON_INFO:", -1); + + return offset; +} + +static int +dissect_krb5_PAC_S4U_DELEGATION_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx) +{ + proto_item *item; + proto_tree *tree; + guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */ + static dcerpc_info di; /* fake dcerpc_info struct */ + static dcerpc_call_value call_data; + + item = proto_tree_add_item(parent_tree, hf_krb_pac_s4u_delegation_info, tvb, offset, -1, ENC_NA); + tree = proto_item_add_subtree(item, ett_krb_pac_s4u_delegation_info); + + /* skip the first 16 bytes, they are some magic created by the idl + * compiler the first 4 bytes might be flags? + */ + offset = dissect_krb5_PAC_NDRHEADERBLOB(tree, tvb, offset, &drep[0], actx); + + + /* the S4U_DELEGATION_INFO blob. See [MS-PAC] */ + /* fake whatever state the dcerpc runtime support needs */ + di.conformant_run=0; + /* we need di->call_data->flags.NDR64 == 0 */ + di.call_data=&call_data; + init_ndr_pointer_list(&di); + offset = dissect_ndr_pointer(tvb, offset, actx->pinfo, tree, &di, drep, + netlogon_dissect_PAC_S4U_DELEGATION_INFO, NDR_POINTER_UNIQUE, + "PAC_S4U_DELEGATION_INFO:", -1); + + return offset; +} + +static int +dissect_krb5_PAC_UPN_DNS_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) +{ + proto_item *item; + proto_tree *tree; + guint16 dns_offset, dns_len; + guint16 upn_offset, upn_len; + const char *dn; + int dn_len; + guint16 bc; + + item = proto_tree_add_item(parent_tree, hf_krb_pac_upn_dns_info, tvb, offset, -1, ENC_NA); + tree = proto_item_add_subtree(item, ett_krb_pac_upn_dns_info); + + /* upn */ + upn_len = tvb_get_letohs(tvb, offset); + proto_tree_add_item(tree, hf_krb_pac_upn_upn_len, tvb, offset, 2, ENC_LITTLE_ENDIAN); + offset+=2; + upn_offset = tvb_get_letohs(tvb, offset); + proto_tree_add_item(tree, hf_krb_pac_upn_upn_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN); + offset+=2; + + /* dns */ + dns_len = tvb_get_letohs(tvb, offset); + proto_tree_add_item(tree, hf_krb_pac_upn_dns_len, tvb, offset, 2, ENC_LITTLE_ENDIAN); + offset+=2; + dns_offset = tvb_get_letohs(tvb, offset); + proto_tree_add_item(tree, hf_krb_pac_upn_dns_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN); + offset+=2; + + /* flags */ + proto_tree_add_item(tree, hf_krb_pac_upn_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN); + + /* upn */ + offset = upn_offset; + dn_len = upn_len; + bc = tvb_reported_length_remaining(tvb, offset); + dn = get_unicode_or_ascii_string(tvb, &offset, TRUE, &dn_len, TRUE, TRUE, &bc); + proto_tree_add_string(tree, hf_krb_pac_upn_upn_name, tvb, upn_offset, upn_len, dn); + + /* dns */ + offset = dns_offset; + dn_len = dns_len; + bc = tvb_reported_length_remaining(tvb, offset); + dn = get_unicode_or_ascii_string(tvb, &offset, TRUE, &dn_len, TRUE, TRUE, &bc); + proto_tree_add_string(tree, hf_krb_pac_upn_dns_name, tvb, dns_offset, dns_len, dn); + + return offset; +} + +static int +dissect_krb5_PAC_CREDENTIAL_TYPE(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) +{ + proto_tree_add_item(parent_tree, hf_krb_pac_credential_type, tvb, offset, -1, ENC_NA); + + return offset; +} + +static int +dissect_krb5_PAC_SERVER_CHECKSUM(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) +{ + proto_item *item; + proto_tree *tree; + + item = proto_tree_add_item(parent_tree, hf_krb_pac_server_checksum, tvb, offset, -1, ENC_NA); + tree = proto_item_add_subtree(item, ett_krb_pac_server_checksum); + + /* signature type */ + proto_tree_add_item(tree, hf_krb_pac_signature_type, tvb, offset, 4, ENC_LITTLE_ENDIAN); + offset+=4; + + /* signature data */ + proto_tree_add_item(tree, hf_krb_pac_signature_signature, tvb, offset, -1, ENC_NA); + + return offset; +} + +static int +dissect_krb5_PAC_PRIVSVR_CHECKSUM(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) +{ + proto_item *item; + proto_tree *tree; + + item = proto_tree_add_item(parent_tree, hf_krb_pac_privsvr_checksum, tvb, offset, -1, ENC_NA); + tree = proto_item_add_subtree(item, ett_krb_pac_privsvr_checksum); + + /* signature type */ + proto_tree_add_item(tree, hf_krb_pac_signature_type, tvb, offset, 4, ENC_LITTLE_ENDIAN); + offset+=4; + + /* signature data */ + proto_tree_add_item(tree, hf_krb_pac_signature_signature, tvb, offset, -1, ENC_NA); + + return offset; +} + +static int +dissect_krb5_PAC_CLIENT_INFO_TYPE(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) +{ + proto_item *item; + proto_tree *tree; + guint16 namelen; + + item = proto_tree_add_item(parent_tree, hf_krb_pac_client_info_type, tvb, offset, -1, ENC_NA); + tree = proto_item_add_subtree(item, ett_krb_pac_client_info_type); + + /* clientid */ + offset = dissect_nt_64bit_time(tvb, tree, offset, hf_krb_pac_clientid); + + /* name length */ + namelen=tvb_get_letohs(tvb, offset); + proto_tree_add_uint(tree, hf_krb_pac_namelen, tvb, offset, 2, namelen); + offset+=2; + + /* client name */ + proto_tree_add_item(tree, hf_krb_pac_clientname, tvb, offset, namelen, ENC_UTF_16|ENC_LITTLE_ENDIAN); + offset+=namelen; + + return offset; +} + +static int +dissect_krb5_AD_WIN2K_PAC_struct(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx) +{ + guint32 pac_type; + guint32 pac_size; + guint32 pac_offset; + proto_item *it=NULL; + proto_tree *tr=NULL; + tvbuff_t *next_tvb; + + /* type of pac data */ + pac_type=tvb_get_letohl(tvb, offset); + it=proto_tree_add_uint(tree, hf_krb_w2k_pac_type, tvb, offset, 4, pac_type); + tr=proto_item_add_subtree(it, ett_krb_pac); + + offset += 4; + + /* size of pac data */ + pac_size=tvb_get_letohl(tvb, offset); + proto_tree_add_uint(tr, hf_krb_w2k_pac_size, tvb, offset, 4, pac_size); + offset += 4; + + /* offset to pac data */ + pac_offset=tvb_get_letohl(tvb, offset); + proto_tree_add_uint(tr, hf_krb_w2k_pac_offset, tvb, offset, 4, pac_offset); + offset += 8; + + next_tvb=tvb_new_subset(tvb, pac_offset, pac_size, pac_size); + switch(pac_type){ + case PAC_LOGON_INFO: + dissect_krb5_PAC_LOGON_INFO(tr, next_tvb, 0, actx); + break; + case PAC_CREDENTIAL_TYPE: + dissect_krb5_PAC_CREDENTIAL_TYPE(tr, next_tvb, 0, actx); + break; + case PAC_SERVER_CHECKSUM: + dissect_krb5_PAC_SERVER_CHECKSUM(tr, next_tvb, 0, actx); + break; + case PAC_PRIVSVR_CHECKSUM: + dissect_krb5_PAC_PRIVSVR_CHECKSUM(tr, next_tvb, 0, actx); + break; + case PAC_CLIENT_INFO_TYPE: + dissect_krb5_PAC_CLIENT_INFO_TYPE(tr, next_tvb, 0, actx); + break; + case PAC_S4U_DELEGATION_INFO: + dissect_krb5_PAC_S4U_DELEGATION_INFO(tr, next_tvb, 0, actx); + break; + case PAC_UPN_DNS_INFO: + dissect_krb5_PAC_UPN_DNS_INFO(tr, next_tvb, 0, actx); + break; + + default: + break; + } + return offset; +} + +static int +dissect_krb5_AD_WIN2K_PAC(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index _U_) +{ + guint32 entries; + guint32 version; + guint32 i; + + /* first in the PAC structure comes the number of entries */ + entries=tvb_get_letohl(tvb, offset); + proto_tree_add_uint(tree, hf_krb_w2k_pac_entries, tvb, offset, 4, entries); + offset += 4; + + /* second comes the version */ + version=tvb_get_letohl(tvb, offset); + proto_tree_add_uint(tree, hf_krb_w2k_pac_version, tvb, offset, 4, version); + offset += 4; + + for(i=0;i<entries;i++){ + offset=dissect_krb5_AD_WIN2K_PAC_struct(tree, tvb, offset, actx); + } + + return offset; +} + #include "packet-kerberos-fn.c" /* Make wrappers around exported functions for now */ @@ -1947,6 +2299,90 @@ void proto_register_kerberos(void) { { &hf_krb_gssapi_dlglen, { "DlgLen", "kerberos.gssapi.dlglen", FT_UINT16, BASE_DEC, NULL, 0, "GSSAPI DlgLen", HFILL }}, + { &hf_krb_midl_blob_len, { + "Blob Length", "kerberos.midl_blob_len", FT_UINT64, BASE_DEC, + NULL, 0, "Length of NDR encoded data that follows", HFILL }}, + { &hf_krb_midl_fill_bytes, { + "Fill bytes", "kerberos.midl.fill_bytes", FT_UINT32, BASE_HEX, + NULL, 0, "Just some fill bytes", HFILL }}, + { &hf_krb_midl_version, { + "Version", "kerberos.midl.version", FT_UINT8, BASE_DEC, + NULL, 0, "Version of pickling", HFILL }}, + { &hf_krb_midl_hdr_len, { + "HDR Length", "kerberos.midl.hdr_len", FT_UINT16, BASE_DEC, + NULL, 0, "Length of header", HFILL }}, + { &hf_krb_pac_signature_type, { + "Type", "kerberos.pac.signature.type", FT_INT32, BASE_DEC, + NULL, 0, "PAC Signature Type", HFILL }}, + { &hf_krb_pac_signature_signature, { + "Signature", "kerberos.pac.signature.signature", FT_BYTES, BASE_NONE, + NULL, 0, "A PAC signature blob", HFILL }}, + { &hf_krb_w2k_pac_entries, { + "Num Entries", "kerberos.pac.entries", FT_UINT32, BASE_DEC, + NULL, 0, "Number of W2k PAC entries", HFILL }}, + { &hf_krb_w2k_pac_version, { + "Version", "kerberos.pac.version", FT_UINT32, BASE_DEC, + NULL, 0, "Version of PAC structures", HFILL }}, + { &hf_krb_w2k_pac_type, { + "Type", "kerberos.pac.type", FT_UINT32, BASE_DEC, + VALS(w2k_pac_types), 0, "Type of W2k PAC entry", HFILL }}, + { &hf_krb_w2k_pac_size, { + "Size", "kerberos.pac.size", FT_UINT32, BASE_DEC, + NULL, 0, "Size of W2k PAC entry", HFILL }}, + { &hf_krb_w2k_pac_offset, { + "Offset", "kerberos.pac.offset", FT_UINT32, BASE_DEC, + NULL, 0, "Offset to W2k PAC entry", HFILL }}, + { &hf_krb_pac_clientid, { + "ClientID", "kerberos.pac.clientid", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, + NULL, 0, "ClientID Timestamp", HFILL }}, + { &hf_krb_pac_namelen, { + "Name Length", "kerberos.pac.namelen", FT_UINT16, BASE_DEC, + NULL, 0, "Length of client name", HFILL }}, + { &hf_krb_pac_clientname, { + "Name", "kerberos.pac.name", FT_STRING, BASE_NONE, + NULL, 0, "Name of the Client in the PAC structure", HFILL }}, + { &hf_krb_pac_logon_info, { + "PAC_LOGON_INFO", "kerberos.pac_logon_info", FT_BYTES, BASE_NONE, + NULL, 0, "PAC_LOGON_INFO structure", HFILL }}, + { &hf_krb_pac_credential_type, { + "PAC_CREDENTIAL_TYPE", "kerberos.pac_credential_type", FT_BYTES, BASE_NONE, + NULL, 0, "PAC_CREDENTIAL_TYPE structure", HFILL }}, + { &hf_krb_pac_server_checksum, { + "PAC_SERVER_CHECKSUM", "kerberos.pac_server_checksum", FT_BYTES, BASE_NONE, + NULL, 0, "PAC_SERVER_CHECKSUM structure", HFILL }}, + { &hf_krb_pac_privsvr_checksum, { + "PAC_PRIVSVR_CHECKSUM", "kerberos.pac_privsvr_checksum", FT_BYTES, BASE_NONE, + NULL, 0, "PAC_PRIVSVR_CHECKSUM structure", HFILL }}, + { &hf_krb_pac_client_info_type, { + "PAC_CLIENT_INFO_TYPE", "kerberos.pac_client_info_type", FT_BYTES, BASE_NONE, + NULL, 0, "PAC_CLIENT_INFO_TYPE structure", HFILL }}, + { &hf_krb_pac_s4u_delegation_info, { + "PAC_S4U_DELEGATION_INFO", "kerberos.pac_s4u_delegation_info", FT_BYTES, BASE_NONE, + NULL, 0, "PAC_S4U_DELEGATION_INFO structure", HFILL }}, + { &hf_krb_pac_upn_dns_info, { + "UPN_DNS_INFO", "kerberos.pac_upn_dns_info", FT_BYTES, BASE_NONE, + NULL, 0, "UPN_DNS_INFO structure", HFILL }}, + { &hf_krb_pac_upn_flags, { + "Flags", "kerberos.pac.upn.flags", FT_UINT32, BASE_HEX, + NULL, 0, "UPN flags", HFILL }}, + { &hf_krb_pac_upn_dns_offset, { + "DNS Offset", "kerberos.pac.upn.dns_offset", FT_UINT16, BASE_DEC, + NULL, 0, NULL, HFILL }}, + { &hf_krb_pac_upn_dns_len, { + "DNS Len", "kerberos.pac.upn.dns_len", FT_UINT16, BASE_DEC, + NULL, 0, NULL, HFILL }}, + { &hf_krb_pac_upn_upn_offset, { + "UPN Offset", "kerberos.pac.upn.upn_offset", FT_UINT16, BASE_DEC, + NULL, 0, NULL, HFILL }}, + { &hf_krb_pac_upn_upn_len, { + "UPN Len", "kerberos.pac.upn.upn_len", FT_UINT16, BASE_DEC, + NULL, 0, NULL, HFILL }}, + { &hf_krb_pac_upn_upn_name, { + "UPN Name", "kerberos.pac.upn.upn_name", FT_STRING, BASE_NONE, + NULL, 0, NULL, HFILL }}, + { &hf_krb_pac_upn_dns_name, { + "DNS Name", "kerberos.pac.upn.dns_name", FT_STRING, BASE_NONE, + NULL, 0, NULL, HFILL }}, #include "packet-kerberos-hfarr.c" }; @@ -1955,6 +2391,15 @@ void proto_register_kerberos(void) { static gint *ett[] = { &ett_kerberos, &ett_krb_recordmark, + &ett_krb_pac, + &ett_krb_pac_drep, + &ett_krb_pac_midl_blob, + &ett_krb_pac_logon_info, + &ett_krb_pac_s4u_delegation_info, + &ett_krb_pac_upn_dns_info, + &ett_krb_pac_server_checksum, + &ett_krb_pac_privsvr_checksum, + &ett_krb_pac_client_info_type, #include "packet-kerberos-ettarr.c" }; |