authorPascal Quantin <pascal.quantin@gmail.com>2014-12-14 17:03:08 +0100
committerPascal Quantin <pascal.quantin@gmail.com>2014-12-14 18:43:38 +0000
commit16f38e9ab27a076418e88fe38edd9b8bcf6a1345 (patch)
tree19ab39feeb1900471057de56788c8d8be40d8b28 /asn1
parente9f96832bdd9eed82dd767159fae08bf725a786c (diff)
Kerberos: import KRB5_AD_WIN2K_PAC dissection from old non ASN.1 based dissector
Bug: 10539 Change-Id: I06d1179210bdcc63800ef9580bb274c714a77c6e Reviewed-on: https://code.wireshark.org/review/5761 Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Diffstat (limited to 'asn1')
-rw-r--r--asn1/kerberos/kerberos.cnf5
-rw-r--r--asn1/kerberos/packet-kerberos-template.c455
2 files changed, 455 insertions, 5 deletions
diff --git a/asn1/kerberos/kerberos.cnf b/asn1/kerberos/kerberos.cnf
index edafd6032b..e9abbc5603 100644
--- a/asn1/kerberos/kerberos.cnf
+++ b/asn1/kerberos/kerberos.cnf
@@ -329,11 +329,16 @@ guint32 msgtype;
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
&(private_data->ad_type));
+#.TYPE_ATTR
+AuthorizationData/_item/ad-type STRINGS=VALS(krb5_ad_types)
#.FN_BODY AuthorizationData/_item/ad-data
kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
switch(private_data->ad_type){
+ case KRB5_AD_WIN2K_PAC:
+ offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_krb5_AD_WIN2K_PAC);
+ break;
case KRB5_AD_IF_RELEVANT:
offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset, hf_index, dissect_kerberos_AD_IF_RELEVANT);
break;
diff --git a/asn1/kerberos/packet-kerberos-template.c b/asn1/kerberos/packet-kerberos-template.c
index cf8c93c7d5..6e8fbc0f0d 100644
--- a/asn1/kerberos/packet-kerberos-template.c
+++ b/asn1/kerberos/packet-kerberos-template.c
@@ -143,12 +143,48 @@ static gint hf_krb_gssapi_c_flag_sequence = -1;
static gint hf_krb_gssapi_c_flag_conf = -1;
static gint hf_krb_gssapi_c_flag_integ = -1;
static gint hf_krb_gssapi_c_flag_dce_style = -1;
+static gint hf_krb_midl_version = -1;
+static gint hf_krb_midl_hdr_len = -1;
+static gint hf_krb_midl_fill_bytes = -1;
+static gint hf_krb_midl_blob_len = -1;
+static gint hf_krb_pac_signature_type = -1;
+static gint hf_krb_pac_signature_signature = -1;
+static gint hf_krb_w2k_pac_entries = -1;
+static gint hf_krb_w2k_pac_version = -1;
+static gint hf_krb_w2k_pac_type = -1;
+static gint hf_krb_w2k_pac_size = -1;
+static gint hf_krb_w2k_pac_offset = -1;
+static gint hf_krb_pac_clientid = -1;
+static gint hf_krb_pac_namelen = -1;
+static gint hf_krb_pac_clientname = -1;
+static gint hf_krb_pac_logon_info = -1;
+static gint hf_krb_pac_credential_type = -1;
+static gint hf_krb_pac_s4u_delegation_info = -1;
+static gint hf_krb_pac_upn_dns_info = -1;
+static gint hf_krb_pac_upn_flags = -1;
+static gint hf_krb_pac_upn_dns_offset = -1;
+static gint hf_krb_pac_upn_dns_len = -1;
+static gint hf_krb_pac_upn_upn_offset = -1;
+static gint hf_krb_pac_upn_upn_len = -1;
+static gint hf_krb_pac_upn_upn_name = -1;
+static gint hf_krb_pac_upn_dns_name = -1;
+static gint hf_krb_pac_server_checksum = -1;
+static gint hf_krb_pac_privsvr_checksum = -1;
+static gint hf_krb_pac_client_info_type = -1;
#include "packet-kerberos-hf.c"
/* Initialize the subtree pointers */
static gint ett_kerberos = -1;
static gint ett_krb_recordmark = -1;
-
+static gint ett_krb_pac = -1;
+static gint ett_krb_pac_drep = -1;
+static gint ett_krb_pac_midl_blob = -1;
+static gint ett_krb_pac_logon_info = -1;
+static gint ett_krb_pac_s4u_delegation_info = -1;
+static gint ett_krb_pac_upn_dns_info = -1;
+static gint ett_krb_pac_server_checksum = -1;
+static gint ett_krb_pac_privsvr_checksum = -1;
+static gint ett_krb_pac_client_info_type = -1;
#include "packet-kerberos-ett.c"
static expert_field ei_kerberos_decrypted_keytype = EI_INIT;
@@ -1073,7 +1109,6 @@ static const value_string krb5_error_codes[] = {
};
-#if 0
#define PAC_LOGON_INFO 1
#define PAC_CREDENTIAL_TYPE 2
#define PAC_SERVER_CHECKSUM 6
@@ -1092,7 +1127,7 @@ static const value_string w2k_pac_types[] = {
{ 0, NULL },
};
-
+#if 0
static const value_string krb5_princ_types[] = {
{ KRB5_NT_UNKNOWN , "Unknown" },
{ KRB5_NT_PRINCIPAL , "Principal" },
@@ -1229,7 +1264,7 @@ static const value_string krb5_checksum_types[] = {
#define KRB5_AD_OSF_DCE_PKI_CERTID 66
#define KRB5_AD_WIN2K_PAC 128
#define KRB5_AD_SIGNTICKET 0xffffffef
-#if 0
+
static const value_string krb5_ad_types[] = {
{ KRB5_AD_IF_RELEVANT , "AD-IF-RELEVANT" },
{ KRB5_AD_INTENDED_FOR_SERVER , "AD-Intended-For-Server" },
@@ -1246,7 +1281,7 @@ static const value_string krb5_ad_types[] = {
{ KRB5_AD_SIGNTICKET , "AD-SignTicket" },
{ 0 , NULL },
};
-
+#if 0
static const value_string krb5_transited_types[] = {
{ 1 , "DOMAIN-X500-COMPRESS" },
{ 0 , NULL }
@@ -1651,6 +1686,323 @@ dissect_krb5_PW_SALT(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U
return offset;
}
+static int
+dissect_krb5_PAC_DREP(proto_tree *parent_tree, tvbuff_t *tvb, int offset, guint8 *drep)
+{
+ proto_tree *tree;
+ guint8 val;
+
+ tree = proto_tree_add_subtree(parent_tree, tvb, offset, 16, ett_krb_pac_drep, NULL, "DREP");
+
+ val = tvb_get_guint8(tvb, offset);
+ proto_tree_add_uint(tree, hf_dcerpc_drep_byteorder, tvb, offset, 1, val>>4);
+
+ offset++;
+
+ if (drep) {
+ *drep = val;
+ }
+
+ return offset;
+}
+
+/* This might be some sort of header that MIDL generates when creating
+ * marshalling/unmarshalling code for blobs that are not to be transported
+ * ontop of DCERPC and where the DREP fields specifying things such as
+ * endianess and similar are not available.
+ */
+static int
+dissect_krb5_PAC_NDRHEADERBLOB(proto_tree *parent_tree, tvbuff_t *tvb, int offset, guint8 *drep, asn1_ctx_t *actx _U_)
+{
+ proto_tree *tree;
+
+ tree = proto_tree_add_subtree(parent_tree, tvb, offset, 16, ett_krb_pac_midl_blob, NULL, "MES header");
+
+ /* modified DREP field that is used for stuff that is transporetd ontop
+ of non dcerpc
+ */
+ proto_tree_add_item(tree, hf_krb_midl_version, tvb, offset, 1, ENC_LITTLE_ENDIAN);
+ offset++;
+
+ offset = dissect_krb5_PAC_DREP(tree, tvb, offset, drep);
+
+
+ proto_tree_add_item(tree, hf_krb_midl_hdr_len, tvb, offset, 2, ENC_LITTLE_ENDIAN);
+ offset+=2;
+
+ proto_tree_add_item(tree, hf_krb_midl_fill_bytes, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ offset += 4;
+
+ /* length of blob that follows */
+ proto_tree_add_item(tree, hf_krb_midl_blob_len, tvb, offset, 8, ENC_LITTLE_ENDIAN);
+ offset += 8;
+
+ return offset;
+}
+
+static int
+dissect_krb5_PAC_LOGON_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
+{
+ proto_item *item;
+ proto_tree *tree;
+ guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
+ static dcerpc_info di; /* fake dcerpc_info struct */
+ static dcerpc_call_value call_data;
+
+ item = proto_tree_add_item(parent_tree, hf_krb_pac_logon_info, tvb, offset, -1, ENC_NA);
+ tree = proto_item_add_subtree(item, ett_krb_pac_logon_info);
+
+ /* skip the first 16 bytes, they are some magic created by the idl
+ * compiler the first 4 bytes might be flags?
+ */
+ offset = dissect_krb5_PAC_NDRHEADERBLOB(tree, tvb, offset, &drep[0], actx);
+
+ /* the PAC_LOGON_INFO blob */
+ /* fake whatever state the dcerpc runtime support needs */
+ di.conformant_run=0;
+ /* we need di->call_data->flags.NDR64 == 0 */
+ di.call_data=&call_data;
+ init_ndr_pointer_list(&di);
+ offset = dissect_ndr_pointer(tvb, offset, actx->pinfo, tree, &di, drep,
+ netlogon_dissect_PAC_LOGON_INFO, NDR_POINTER_UNIQUE,
+ "PAC_LOGON_INFO:", -1);
+
+ return offset;
+}
+
+static int
+dissect_krb5_PAC_S4U_DELEGATION_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx)
+{
+ proto_item *item;
+ proto_tree *tree;
+ guint8 drep[4] = { 0x10, 0x00, 0x00, 0x00}; /* fake DREP struct */
+ static dcerpc_info di; /* fake dcerpc_info struct */
+ static dcerpc_call_value call_data;
+
+ item = proto_tree_add_item(parent_tree, hf_krb_pac_s4u_delegation_info, tvb, offset, -1, ENC_NA);
+ tree = proto_item_add_subtree(item, ett_krb_pac_s4u_delegation_info);
+
+ /* skip the first 16 bytes, they are some magic created by the idl
+ * compiler the first 4 bytes might be flags?
+ */
+ offset = dissect_krb5_PAC_NDRHEADERBLOB(tree, tvb, offset, &drep[0], actx);
+
+
+ /* the S4U_DELEGATION_INFO blob. See [MS-PAC] */
+ /* fake whatever state the dcerpc runtime support needs */
+ di.conformant_run=0;
+ /* we need di->call_data->flags.NDR64 == 0 */
+ di.call_data=&call_data;
+ init_ndr_pointer_list(&di);
+ offset = dissect_ndr_pointer(tvb, offset, actx->pinfo, tree, &di, drep,
+ netlogon_dissect_PAC_S4U_DELEGATION_INFO, NDR_POINTER_UNIQUE,
+ "PAC_S4U_DELEGATION_INFO:", -1);
+
+ return offset;
+}
+
+static int
+dissect_krb5_PAC_UPN_DNS_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
+{
+ proto_item *item;
+ proto_tree *tree;
+ guint16 dns_offset, dns_len;
+ guint16 upn_offset, upn_len;
+ const char *dn;
+ int dn_len;
+ guint16 bc;
+
+ item = proto_tree_add_item(parent_tree, hf_krb_pac_upn_dns_info, tvb, offset, -1, ENC_NA);
+ tree = proto_item_add_subtree(item, ett_krb_pac_upn_dns_info);
+
+ /* upn */
+ upn_len = tvb_get_letohs(tvb, offset);
+ proto_tree_add_item(tree, hf_krb_pac_upn_upn_len, tvb, offset, 2, ENC_LITTLE_ENDIAN);
+ offset+=2;
+ upn_offset = tvb_get_letohs(tvb, offset);
+ proto_tree_add_item(tree, hf_krb_pac_upn_upn_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN);
+ offset+=2;
+
+ /* dns */
+ dns_len = tvb_get_letohs(tvb, offset);
+ proto_tree_add_item(tree, hf_krb_pac_upn_dns_len, tvb, offset, 2, ENC_LITTLE_ENDIAN);
+ offset+=2;
+ dns_offset = tvb_get_letohs(tvb, offset);
+ proto_tree_add_item(tree, hf_krb_pac_upn_dns_offset, tvb, offset, 2, ENC_LITTLE_ENDIAN);
+ offset+=2;
+
+ /* flags */
+ proto_tree_add_item(tree, hf_krb_pac_upn_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+
+ /* upn */
+ offset = upn_offset;
+ dn_len = upn_len;
+ bc = tvb_reported_length_remaining(tvb, offset);
+ dn = get_unicode_or_ascii_string(tvb, &offset, TRUE, &dn_len, TRUE, TRUE, &bc);
+ proto_tree_add_string(tree, hf_krb_pac_upn_upn_name, tvb, upn_offset, upn_len, dn);
+
+ /* dns */
+ offset = dns_offset;
+ dn_len = dns_len;
+ bc = tvb_reported_length_remaining(tvb, offset);
+ dn = get_unicode_or_ascii_string(tvb, &offset, TRUE, &dn_len, TRUE, TRUE, &bc);
+ proto_tree_add_string(tree, hf_krb_pac_upn_dns_name, tvb, dns_offset, dns_len, dn);
+
+ return offset;
+}
+
+static int
+dissect_krb5_PAC_CREDENTIAL_TYPE(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
+{
+ proto_tree_add_item(parent_tree, hf_krb_pac_credential_type, tvb, offset, -1, ENC_NA);
+
+ return offset;
+}
+
+static int
+dissect_krb5_PAC_SERVER_CHECKSUM(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
+{
+ proto_item *item;
+ proto_tree *tree;
+
+ item = proto_tree_add_item(parent_tree, hf_krb_pac_server_checksum, tvb, offset, -1, ENC_NA);
+ tree = proto_item_add_subtree(item, ett_krb_pac_server_checksum);
+
+ /* signature type */
+ proto_tree_add_item(tree, hf_krb_pac_signature_type, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ offset+=4;
+
+ /* signature data */
+ proto_tree_add_item(tree, hf_krb_pac_signature_signature, tvb, offset, -1, ENC_NA);
+
+ return offset;
+}
+
+static int
+dissect_krb5_PAC_PRIVSVR_CHECKSUM(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
+{
+ proto_item *item;
+ proto_tree *tree;
+
+ item = proto_tree_add_item(parent_tree, hf_krb_pac_privsvr_checksum, tvb, offset, -1, ENC_NA);
+ tree = proto_item_add_subtree(item, ett_krb_pac_privsvr_checksum);
+
+ /* signature type */
+ proto_tree_add_item(tree, hf_krb_pac_signature_type, tvb, offset, 4, ENC_LITTLE_ENDIAN);
+ offset+=4;
+
+ /* signature data */
+ proto_tree_add_item(tree, hf_krb_pac_signature_signature, tvb, offset, -1, ENC_NA);
+
+ return offset;
+}
+
+static int
+dissect_krb5_PAC_CLIENT_INFO_TYPE(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
+{
+ proto_item *item;
+ proto_tree *tree;
+ guint16 namelen;
+
+ item = proto_tree_add_item(parent_tree, hf_krb_pac_client_info_type, tvb, offset, -1, ENC_NA);
+ tree = proto_item_add_subtree(item, ett_krb_pac_client_info_type);
+
+ /* clientid */
+ offset = dissect_nt_64bit_time(tvb, tree, offset, hf_krb_pac_clientid);
+
+ /* name length */
+ namelen=tvb_get_letohs(tvb, offset);
+ proto_tree_add_uint(tree, hf_krb_pac_namelen, tvb, offset, 2, namelen);
+ offset+=2;
+
+ /* client name */
+ proto_tree_add_item(tree, hf_krb_pac_clientname, tvb, offset, namelen, ENC_UTF_16|ENC_LITTLE_ENDIAN);
+ offset+=namelen;
+
+ return offset;
+}
+
+static int
+dissect_krb5_AD_WIN2K_PAC_struct(proto_tree *tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx)
+{
+ guint32 pac_type;
+ guint32 pac_size;
+ guint32 pac_offset;
+ proto_item *it=NULL;
+ proto_tree *tr=NULL;
+ tvbuff_t *next_tvb;
+
+ /* type of pac data */
+ pac_type=tvb_get_letohl(tvb, offset);
+ it=proto_tree_add_uint(tree, hf_krb_w2k_pac_type, tvb, offset, 4, pac_type);
+ tr=proto_item_add_subtree(it, ett_krb_pac);
+
+ offset += 4;
+
+ /* size of pac data */
+ pac_size=tvb_get_letohl(tvb, offset);
+ proto_tree_add_uint(tr, hf_krb_w2k_pac_size, tvb, offset, 4, pac_size);
+ offset += 4;
+
+ /* offset to pac data */
+ pac_offset=tvb_get_letohl(tvb, offset);
+ proto_tree_add_uint(tr, hf_krb_w2k_pac_offset, tvb, offset, 4, pac_offset);
+ offset += 8;
+
+ next_tvb=tvb_new_subset(tvb, pac_offset, pac_size, pac_size);
+ switch(pac_type){
+ case PAC_LOGON_INFO:
+ dissect_krb5_PAC_LOGON_INFO(tr, next_tvb, 0, actx);
+ break;
+ case PAC_CREDENTIAL_TYPE:
+ dissect_krb5_PAC_CREDENTIAL_TYPE(tr, next_tvb, 0, actx);
+ break;
+ case PAC_SERVER_CHECKSUM:
+ dissect_krb5_PAC_SERVER_CHECKSUM(tr, next_tvb, 0, actx);
+ break;
+ case PAC_PRIVSVR_CHECKSUM:
+ dissect_krb5_PAC_PRIVSVR_CHECKSUM(tr, next_tvb, 0, actx);
+ break;
+ case PAC_CLIENT_INFO_TYPE:
+ dissect_krb5_PAC_CLIENT_INFO_TYPE(tr, next_tvb, 0, actx);
+ break;
+ case PAC_S4U_DELEGATION_INFO:
+ dissect_krb5_PAC_S4U_DELEGATION_INFO(tr, next_tvb, 0, actx);
+ break;
+ case PAC_UPN_DNS_INFO:
+ dissect_krb5_PAC_UPN_DNS_INFO(tr, next_tvb, 0, actx);
+ break;
+
+ default:
+ break;
+ }
+ return offset;
+}
+
+static int
+dissect_krb5_AD_WIN2K_PAC(gboolean implicit_tag _U_, tvbuff_t *tvb, int offset, asn1_ctx_t *actx, proto_tree *tree, int hf_index _U_)
+{
+ guint32 entries;
+ guint32 version;
+ guint32 i;
+
+ /* first in the PAC structure comes the number of entries */
+ entries=tvb_get_letohl(tvb, offset);
+ proto_tree_add_uint(tree, hf_krb_w2k_pac_entries, tvb, offset, 4, entries);
+ offset += 4;
+
+ /* second comes the version */
+ version=tvb_get_letohl(tvb, offset);
+ proto_tree_add_uint(tree, hf_krb_w2k_pac_version, tvb, offset, 4, version);
+ offset += 4;
+
+ for(i=0;i<entries;i++){
+ offset=dissect_krb5_AD_WIN2K_PAC_struct(tree, tvb, offset, actx);
+ }
+
+ return offset;
+}
+
#include "packet-kerberos-fn.c"
/* Make wrappers around exported functions for now */
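Review bot: In `dissect_krb5_AD_WIN2K_PAC_struct`, `pac_offset` and `pac_size` are 32-bit values read straight from the capture and passed unchecked to `tvb_new_subset()`, whose offset and length parameters are signed `gint`. A value above `G_MAXINT32` becomes negative there, and tvbuff treats a negative offset as relative to the end of the buffer and a length of -1 as "to the end", so a crafted entry can be dissected from a different region than the Size/Offset fields shown in the tree. An out-of-range pair also throws before the `switch`, which stops dissection of the remaining entries even when the type is unknown. I would reject such values before subsetting, e.g. `if (pac_offset > G_MAXINT32 || pac_size > G_MAXINT32) return offset;` (ideally with an expert-info item), and build `next_tvb` only for the known types. `dissect_krb5_PAC_UPN_DNS_INFO` trusts packet fields in the same way: `upn_offset`/`dns_offset` are used as-is, and `bc` is a `guint16` receiving the `gint` result of `tvb_reported_length_remaining()`, which truncates for buffers over 64 KiB.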
@@ -1947,6 +2299,90 @@ void proto_register_kerberos(void) {
{ &hf_krb_gssapi_dlglen, {
"DlgLen", "kerberos.gssapi.dlglen", FT_UINT16, BASE_DEC,
NULL, 0, "GSSAPI DlgLen", HFILL }},
+ { &hf_krb_midl_blob_len, {
+ "Blob Length", "kerberos.midl_blob_len", FT_UINT64, BASE_DEC,
+ NULL, 0, "Length of NDR encoded data that follows", HFILL }},
+ { &hf_krb_midl_fill_bytes, {
+ "Fill bytes", "kerberos.midl.fill_bytes", FT_UINT32, BASE_HEX,
+ NULL, 0, "Just some fill bytes", HFILL }},
+ { &hf_krb_midl_version, {
+ "Version", "kerberos.midl.version", FT_UINT8, BASE_DEC,
+ NULL, 0, "Version of pickling", HFILL }},
+ { &hf_krb_midl_hdr_len, {
+ "HDR Length", "kerberos.midl.hdr_len", FT_UINT16, BASE_DEC,
+ NULL, 0, "Length of header", HFILL }},
+ { &hf_krb_pac_signature_type, {
+ "Type", "kerberos.pac.signature.type", FT_INT32, BASE_DEC,
+ NULL, 0, "PAC Signature Type", HFILL }},
+ { &hf_krb_pac_signature_signature, {
+ "Signature", "kerberos.pac.signature.signature", FT_BYTES, BASE_NONE,
+ NULL, 0, "A PAC signature blob", HFILL }},
+ { &hf_krb_w2k_pac_entries, {
+ "Num Entries", "kerberos.pac.entries", FT_UINT32, BASE_DEC,
+ NULL, 0, "Number of W2k PAC entries", HFILL }},
+ { &hf_krb_w2k_pac_version, {
+ "Version", "kerberos.pac.version", FT_UINT32, BASE_DEC,
+ NULL, 0, "Version of PAC structures", HFILL }},
+ { &hf_krb_w2k_pac_type, {
+ "Type", "kerberos.pac.type", FT_UINT32, BASE_DEC,
+ VALS(w2k_pac_types), 0, "Type of W2k PAC entry", HFILL }},
+ { &hf_krb_w2k_pac_size, {
+ "Size", "kerberos.pac.size", FT_UINT32, BASE_DEC,
+ NULL, 0, "Size of W2k PAC entry", HFILL }},
+ { &hf_krb_w2k_pac_offset, {
+ "Offset", "kerberos.pac.offset", FT_UINT32, BASE_DEC,
+ NULL, 0, "Offset to W2k PAC entry", HFILL }},
+ { &hf_krb_pac_clientid, {
+ "ClientID", "kerberos.pac.clientid", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL,
+ NULL, 0, "ClientID Timestamp", HFILL }},
+ { &hf_krb_pac_namelen, {
+ "Name Length", "kerberos.pac.namelen", FT_UINT16, BASE_DEC,
+ NULL, 0, "Length of client name", HFILL }},
+ { &hf_krb_pac_clientname, {
+ "Name", "kerberos.pac.name", FT_STRING, BASE_NONE,
+ NULL, 0, "Name of the Client in the PAC structure", HFILL }},
+ { &hf_krb_pac_logon_info, {
+ "PAC_LOGON_INFO", "kerberos.pac_logon_info", FT_BYTES, BASE_NONE,
+ NULL, 0, "PAC_LOGON_INFO structure", HFILL }},
+ { &hf_krb_pac_credential_type, {
+ "PAC_CREDENTIAL_TYPE", "kerberos.pac_credential_type", FT_BYTES, BASE_NONE,
+ NULL, 0, "PAC_CREDENTIAL_TYPE structure", HFILL }},
+ { &hf_krb_pac_server_checksum, {
+ "PAC_SERVER_CHECKSUM", "kerberos.pac_server_checksum", FT_BYTES, BASE_NONE,
+ NULL, 0, "PAC_SERVER_CHECKSUM structure", HFILL }},
+ { &hf_krb_pac_privsvr_checksum, {
+ "PAC_PRIVSVR_CHECKSUM", "kerberos.pac_privsvr_checksum", FT_BYTES, BASE_NONE,
+ NULL, 0, "PAC_PRIVSVR_CHECKSUM structure", HFILL }},
+ { &hf_krb_pac_client_info_type, {
+ "PAC_CLIENT_INFO_TYPE", "kerberos.pac_client_info_type", FT_BYTES, BASE_NONE,
+ NULL, 0, "PAC_CLIENT_INFO_TYPE structure", HFILL }},
+ { &hf_krb_pac_s4u_delegation_info, {
+ "PAC_S4U_DELEGATION_INFO", "kerberos.pac_s4u_delegation_info", FT_BYTES, BASE_NONE,
+ NULL, 0, "PAC_S4U_DELEGATION_INFO structure", HFILL }},
+ { &hf_krb_pac_upn_dns_info, {
+ "UPN_DNS_INFO", "kerberos.pac_upn_dns_info", FT_BYTES, BASE_NONE,
+ NULL, 0, "UPN_DNS_INFO structure", HFILL }},
+ { &hf_krb_pac_upn_flags, {
+ "Flags", "kerberos.pac.upn.flags", FT_UINT32, BASE_HEX,
+ NULL, 0, "UPN flags", HFILL }},
+ { &hf_krb_pac_upn_dns_offset, {
+ "DNS Offset", "kerberos.pac.upn.dns_offset", FT_UINT16, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
+ { &hf_krb_pac_upn_dns_len, {
+ "DNS Len", "kerberos.pac.upn.dns_len", FT_UINT16, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
+ { &hf_krb_pac_upn_upn_offset, {
+ "UPN Offset", "kerberos.pac.upn.upn_offset", FT_UINT16, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
+ { &hf_krb_pac_upn_upn_len, {
+ "UPN Len", "kerberos.pac.upn.upn_len", FT_UINT16, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
+ { &hf_krb_pac_upn_upn_name, {
+ "UPN Name", "kerberos.pac.upn.upn_name", FT_STRING, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
+ { &hf_krb_pac_upn_dns_name, {
+ "DNS Name", "kerberos.pac.upn.dns_name", FT_STRING, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
#include "packet-kerberos-hfarr.c"
};
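Review bot: The filter name `kerberos.midl_blob_len` does not follow the `kerberos.midl.` prefix used by its three siblings (`kerberos.midl.fill_bytes`, `kerberos.midl.version`, `kerberos.midl.hdr_len`), and the container fields mix `kerberos.pac_logon_info` style with `kerberos.pac.signature.type` style. If these names are kept verbatim for compatibility with filters written against the old dissector, a short comment above the block saying so, e.g. `/* filter names kept as in the pre-ASN.1 dissector; do not rename */`, would stop a later cleanup from silently breaking saved display filters.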
@@ -1955,6 +2391,15 @@ void proto_register_kerberos(void) {
static gint *ett[] = {
&ett_kerberos,
&ett_krb_recordmark,
+ &ett_krb_pac,
+ &ett_krb_pac_drep,
+ &ett_krb_pac_midl_blob,
+ &ett_krb_pac_logon_info,
+ &ett_krb_pac_s4u_delegation_info,
+ &ett_krb_pac_upn_dns_info,
+ &ett_krb_pac_server_checksum,
+ &ett_krb_pac_privsvr_checksum,
+ &ett_krb_pac_client_info_type,
#include "packet-kerberos-ettarr.c"
};