Fix compilation without kerberos.

Error: ./asn1/kerberos/packet-kerberos-template.c:109:2: error: unknown type name ‘enc_key_t’ ./asn1/kerberos/kerberos.cnf: In function ‘dissect_kerberos_EncryptionKey’: ./asn1/kerberos/kerberos.cnf:386:7: error: unused variable ‘start_offset’ [-Werror=unused-variable] ./asn1/kerberos/kerberos.cnf: In function ‘dissect_kerberos_T_authenticator_subkey’: ./asn1/kerberos/kerberos.cnf:406:42: error: ‘save_Authenticator_subkey’ undeclared (first use in this function); did you mean ‘hf_kerberos_authenticator_subkey’? ./asn1/kerberos/kerberos.cnf:406:42: note: each undeclared identifier is reported only once for each function it appears in ./asn1/kerberos/kerberos.cnf: In function ‘dissect_kerberos_T_encTicketPart_key’: ./asn1/kerberos/kerberos.cnf:445:42: error: ‘save_EncTicketPart_key’ undeclared (first use in this function); did you mean ‘hf_kerberos_encTicketPart_key’? ./asn1/kerberos/kerberos.cnf: In function ‘dissect_kerberos_T_encKDCRepPart_key’: ./asn1/kerberos/kerberos.cnf:435:42: error: ‘save_EncKDCRepPart_key’ undeclared (first use in this function); did you mean ‘hf_kerberos_encKDCRepPart_key’? ./asn1/kerberos/kerberos.cnf: In function ‘dissect_kerberos_T_encAPRepPart_subkey’: ./asn1/kerberos/kerberos.cnf:416:42: error: ‘save_EncAPRepPart_subkey’ undeclared (first use in this function); did you mean ‘hf_kerberos_encAPRepPart_subkey’? ./asn1/kerberos/kerberos.cnf: In function ‘dissect_kerberos_T_krbCredInfo_key’: ./asn1/kerberos/kerberos.cnf:455:42: error: ‘save_KrbCredInfo_key’ undeclared (first use in this function); did you mean ‘hf_kerberos_krbCredInfo_key’? cc1: all warnings being treated as errors Change-Id: Ib9e38c3d745dd8a12ac8e4691918770a8b876727 Reviewed-on: https://code.wireshark.org/review/37313 Petri-Dish: Dario Lombardo <lomato@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
author: Dario Lombardo <lomato@gmail.com> 2020-05-27 16:54:10 +0200
committer: Anders Broman <a.broman58@gmail.com> 2020-05-27 19:12:03 +0000
commit: fc35d510898c8e33ea5b2c91d2320942111ec7f7 (patch)
tree: e28e36556faed1c51292f7a9fe1d978adbbf2cf3 /epan
parent: 64d99d66629eb595f93994758b44b21410caae45 (diff)
3 files changed, 530 insertions, 277 deletions
diff --git a/epan/dissectors/asn1/kerberos/kerberos.cnf b/epan/dissectors/asn1/kerberos/kerberos.cnf
index 7aca8809d5..c9564adb82 100644
--- a/epan/dissectors/asn1/kerberos/kerberos.cnf
+++ b/epan/dissectors/asn1/kerberos/kerberos.cnf
@@ -45,7 +45,11 @@ AD-MANDATORY-FOR-KDC
 ChangePasswdDataMS
 EncryptedData
 EtypeList
+FastOptions
 KerberosFlags
+KrbFastFinished
+KrbFastResponse
+KrbFastReq
 KRB5SignedPath
 KRB5SignedPathData
 KRB5SignedPathPrincipals
@@ -401,7 +405,9 @@ KrbFastArmorTypes PROT_PREFIX UPPER_CASE
 
 #.FN_BODY EncryptionKey
   kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
+##ifdef HAVE_KERBEROS
   int start_offset = offset;
+##endif
 
   %(DEFAULT_BODY)s
 
@@ -421,7 +427,9 @@ KrbFastArmorTypes PROT_PREFIX UPPER_CASE
   gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
   kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
   private_data->save_encryption_key_parent_hf_index = hf_kerberos_authenticator;
+##ifdef HAVE_KERBEROS
   private_data->save_encryption_key_fn = save_Authenticator_subkey;
+##endif
 %(DEFAULT_BODY)s
   private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
   private_data->save_encryption_key_fn = saved_encryption_key_fn;
@@ -431,7 +439,9 @@ KrbFastArmorTypes PROT_PREFIX UPPER_CASE
   gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
   kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
   private_data->save_encryption_key_parent_hf_index = hf_kerberos_encAPRepPart;
+##ifdef HAVE_KERBEROS
   private_data->save_encryption_key_fn = save_EncAPRepPart_subkey;
+##endif
 %(DEFAULT_BODY)s
   private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
   private_data->save_encryption_key_fn = saved_encryption_key_fn;
@@ -450,7 +460,9 @@ KrbFastArmorTypes PROT_PREFIX UPPER_CASE
   default:
     private_data->save_encryption_key_parent_hf_index = -1;
   }
+##ifdef HAVE_KERBEROS
   private_data->save_encryption_key_fn = save_EncKDCRepPart_key;
+##endif
 %(DEFAULT_BODY)s
   private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
   private_data->save_encryption_key_fn = saved_encryption_key_fn;
@@ -460,7 +472,9 @@ KrbFastArmorTypes PROT_PREFIX UPPER_CASE
   gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
   kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
   private_data->save_encryption_key_parent_hf_index = hf_kerberos_encTicketPart;
+##ifdef HAVE_KERBEROS
   private_data->save_encryption_key_fn = save_EncTicketPart_key;
+##endif
 %(DEFAULT_BODY)s
   private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
   private_data->save_encryption_key_fn = saved_encryption_key_fn;
@@ -470,17 +484,9 @@ KrbFastArmorTypes PROT_PREFIX UPPER_CASE
   gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
   kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
   private_data->save_encryption_key_parent_hf_index = hf_kerberos_ticket_info_item;
+##ifdef HAVE_KERBEROS
   private_data->save_encryption_key_fn = save_KrbCredInfo_key;
-%(DEFAULT_BODY)s
-  private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
-  private_data->save_encryption_key_fn = saved_encryption_key_fn;
-
-#.FN_BODY KrbFastResponse/strengthen-key
-  kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
-  gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
-  kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
-  private_data->save_encryption_key_parent_hf_index = hf_kerberos_KrbFastResponse;
-  private_data->save_encryption_key_fn = save_KrbFastResponse_strengthen_key;
+##endif
 %(DEFAULT_BODY)s
   private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
   private_data->save_encryption_key_fn = saved_encryption_key_fn;
diff --git a/epan/dissectors/asn1/kerberos/packet-kerberos-template.c b/epan/dissectors/asn1/kerberos/packet-kerberos-template.c
index 0ae06b23db..9d551c2937 100644
--- a/epan/dissectors/asn1/kerberos/packet-kerberos-template.c
+++ b/epan/dissectors/asn1/kerberos/packet-kerberos-template.c
@@ -114,8 +114,10 @@ typedef struct {
 	guint32 ad_type;
 	guint32 addr_type;
 	guint32 checksum_type;
+#ifdef HAVE_KERBEROS
 	enc_key_t *last_decryption_key;
 	enc_key_t *last_added_key;
+#endif
 	gint save_encryption_key_parent_hf_index;
 	kerberos_key_save_fn save_encryption_key_fn;
 	guint learnt_key_ids;
@@ -124,14 +126,18 @@ typedef struct {
 	wmem_list_t *learnt_keys;
 	wmem_list_t *missing_keys;
 	guint32 within_PA_TGS_REQ;
+#ifdef HAVE_KERBEROS
 	enc_key_t *PA_TGS_REQ_key;
 	enc_key_t *PA_TGS_REQ_subkey;
+#endif
 	guint32 fast_type;
 	guint32 fast_armor_within_armor_value;
+#ifdef HAVE_KERBEROS
 	enc_key_t *PA_FAST_ARMOR_AP_key;
 	enc_key_t *PA_FAST_ARMOR_AP_subkey;
 	enc_key_t *fast_armor_key;
 	enc_key_t *fast_strengthen_key;
+#endif
 } kerberos_private_data_t;
 
 static dissector_handle_t kerberos_handle_udp;
@@ -156,8 +162,11 @@ static int dissect_kerberos_PA_FX_FAST_REPLY(gboolean implicit_tag _U_, tvbuff_t
 static int dissect_kerberos_PA_PAC_OPTIONS(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
 static int dissect_kerberos_KERB_AD_RESTRICTION_ENTRY(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
 static int dissect_kerberos_SEQUENCE_OF_ENCTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
+#ifdef HAVE_KERBEROS
 static int dissect_kerberos_KrbFastReq(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
 static int dissect_kerberos_KrbFastResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
+static int dissect_kerberos_FastOptions(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
+#endif
 
 /* Desegment Kerberos over TCP messages */
 static gboolean krb_desegment = TRUE;
@@ -233,10 +242,32 @@ static gint hf_krb_ad_ap_options = -1;
 static gint hf_krb_ad_ap_options_cbt = -1;
 static gint hf_krb_ad_target_principal = -1;
 static gint hf_krb_key_hidden_item = -1;
-static gint hf_kerberos_KrbFastResponse = -1;
 #ifdef HAVE_KERBEROS
+static gint hf_kerberos_KrbFastResponse = -1;
+static gint hf_kerberos_strengthen_key = -1;
+static gint hf_kerberos_finished = -1;
+static gint hf_kerberos_fast_options = -1;
+static gint hf_kerberos_ticket_checksum = -1;
 static gint hf_krb_patimestamp = -1;
 static gint hf_krb_pausec = -1;
+static gint hf_kerberos_FastOptions_reserved = -1;
+static gint hf_kerberos_FastOptions_hide_client_names = -1;
+static gint hf_kerberos_FastOptions_spare_bit2 = -1;
+static gint hf_kerberos_FastOptions_spare_bit3 = -1;
+static gint hf_kerberos_FastOptions_spare_bit4 = -1;
+static gint hf_kerberos_FastOptions_spare_bit5 = -1;
+static gint hf_kerberos_FastOptions_spare_bit6 = -1;
+static gint hf_kerberos_FastOptions_spare_bit7 = -1;
+static gint hf_kerberos_FastOptions_spare_bit8 = -1;
+static gint hf_kerberos_FastOptions_spare_bit9 = -1;
+static gint hf_kerberos_FastOptions_spare_bit10 = -1;
+static gint hf_kerberos_FastOptions_spare_bit11 = -1;
+static gint hf_kerberos_FastOptions_spare_bit12 = -1;
+static gint hf_kerberos_FastOptions_spare_bit13 = -1;
+static gint hf_kerberos_FastOptions_spare_bit14 = -1;
+static gint hf_kerberos_FastOptions_spare_bit15 = -1;
+static gint hf_kerberos_FastOptions_kdc_follow_referrals = -1;
+
 #endif
 #include "packet-kerberos-hf.c"
 
@@ -258,6 +289,10 @@ static gint ett_krb_pa_supported_enctypes = -1;
 static gint ett_krb_ad_ap_options = -1;
 #ifdef HAVE_KERBEROS
 static gint ett_krb_pa_enc_ts_enc = -1;
+static gint ett_kerberos_KrbFastFinished = -1;
+static gint ett_kerberos_KrbFastResponse = -1;
+static gint ett_kerberos_KrbFastReq = -1;
+static gint ett_kerberos_FastOptions = -1;
 #endif
 #include "packet-kerberos-ett.c"
 
@@ -3795,6 +3830,102 @@ dissect_kerberos_PA_ENC_TS_ENC(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int
 									PA_ENC_TS_ENC_sequence, hf_index, ett_krb_pa_enc_ts_enc);
 	return offset;
 }
+
+static int
+dissect_kerberos_T_strengthen_key(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+#line 491 "./asn1/kerberos/kerberos.cnf"
+  kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
+  gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
+  kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
+  private_data->save_encryption_key_parent_hf_index = hf_kerberos_KrbFastResponse;
+#ifdef HAVE_KERBEROS
+  private_data->save_encryption_key_fn = save_KrbFastResponse_strengthen_key;
+#endif
+  offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index);
+
+  private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
+  private_data->save_encryption_key_fn = saved_encryption_key_fn;
+  return offset;
+}
+
+static const ber_sequence_t KrbFastFinished_sequence[] = {
+  { &hf_kerberos_timestamp  , BER_CLASS_CON, 0, 0, dissect_kerberos_KerberosTime },
+  { &hf_kerberos_usec       , BER_CLASS_CON, 1, 0, dissect_kerberos_Microseconds },
+  { &hf_kerberos_crealm     , BER_CLASS_CON, 2, 0, dissect_kerberos_Realm },
+  { &hf_kerberos_cname_01   , BER_CLASS_CON, 3, 0, dissect_kerberos_PrincipalName },
+  { &hf_kerberos_ticket_checksum, BER_CLASS_CON, 4, 0, dissect_kerberos_Checksum },
+  { NULL, 0, 0, 0, NULL }
+};
+
+static int
+dissect_kerberos_KrbFastFinished(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
+                                   KrbFastFinished_sequence, hf_index, ett_kerberos_KrbFastFinished);
+
+  return offset;
+}
+
+static const ber_sequence_t KrbFastResponse_sequence[] = {
+  { &hf_kerberos_padata     , BER_CLASS_CON, 0, 0, dissect_kerberos_SEQUENCE_OF_PA_DATA },
+  { &hf_kerberos_strengthen_key, BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_T_strengthen_key },
+  { &hf_kerberos_finished   , BER_CLASS_CON, 2, BER_FLAGS_OPTIONAL, dissect_kerberos_KrbFastFinished },
+  { &hf_kerberos_nonce      , BER_CLASS_CON, 3, 0, dissect_kerberos_UInt32 },
+  { NULL, 0, 0, 0, NULL }
+};
+
+static int
+dissect_kerberos_KrbFastResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
+                                   KrbFastResponse_sequence, hf_index, ett_kerberos_KrbFastResponse);
+
+  return offset;
+}
+
+static const ber_sequence_t KrbFastReq_sequence[] = {
+  { &hf_kerberos_fast_options, BER_CLASS_CON, 0, 0, dissect_kerberos_FastOptions },
+  { &hf_kerberos_padata     , BER_CLASS_CON, 1, 0, dissect_kerberos_SEQUENCE_OF_PA_DATA },
+  { &hf_kerberos_req_body   , BER_CLASS_CON, 2, 0, dissect_kerberos_KDC_REQ_BODY },
+  { NULL, 0, 0, 0, NULL }
+};
+
+static int
+dissect_kerberos_KrbFastReq(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
+                                   KrbFastReq_sequence, hf_index, ett_kerberos_KrbFastReq);
+
+  return offset;
+}
+
+static const int * FastOptions_bits[] = {
+  &hf_kerberos_FastOptions_reserved,
+  &hf_kerberos_FastOptions_hide_client_names,
+  &hf_kerberos_FastOptions_spare_bit2,
+  &hf_kerberos_FastOptions_spare_bit3,
+  &hf_kerberos_FastOptions_spare_bit4,
+  &hf_kerberos_FastOptions_spare_bit5,
+  &hf_kerberos_FastOptions_spare_bit6,
+  &hf_kerberos_FastOptions_spare_bit7,
+  &hf_kerberos_FastOptions_spare_bit8,
+  &hf_kerberos_FastOptions_spare_bit9,
+  &hf_kerberos_FastOptions_spare_bit10,
+  &hf_kerberos_FastOptions_spare_bit11,
+  &hf_kerberos_FastOptions_spare_bit12,
+  &hf_kerberos_FastOptions_spare_bit13,
+  &hf_kerberos_FastOptions_spare_bit14,
+  &hf_kerberos_FastOptions_spare_bit15,
+  &hf_kerberos_FastOptions_kdc_follow_referrals,
+  NULL
+};
+
+static int
+dissect_kerberos_FastOptions(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset,
+                                    FastOptions_bits, 17, hf_index, ett_kerberos_FastOptions,
+                                    NULL);
+
+  return offset;
+}
+
 #endif
 
 /* Make wrappers around exported functions for now */
@@ -3834,8 +3965,13 @@ struct kerberos_display_key_state {
 };
 
 static void
+#ifdef HAVE_KERBEROS
 kerberos_display_key(gpointer data, gpointer userdata)
+#else
+kerberos_display_key(gpointer data _U_, gpointer userdata _U_)
+#endif
 {
+#ifdef HAVE_KERBEROS
 	struct kerberos_display_key_state *state =
 		(struct kerberos_display_key_state *)userdata;
 	const enc_key_t *ek = (const enc_key_t *)data;
@@ -3889,6 +4025,7 @@ kerberos_display_key(gpointer data, gpointer userdata)
 				       sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF);
 		sek = sek->same_list;
 	}
+#endif
 }
 
 static gint
@@ -4353,16 +4490,100 @@ void proto_register_kerberos(void) {
 	{ &hf_krb_key_hidden_item,
 	  { "KeyHiddenItem", "krb5.key_hidden_item",
 	    FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
+#ifdef HAVE_KERBEROS
 	{ &hf_kerberos_KrbFastResponse,
 	   { "KrbFastResponse", "kerberos.KrbFastResponse_element",
 	    FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
-#ifdef HAVE_KERBEROS
-	{ &hf_krb_patimestamp,
-	  { "patimestamp", "kerberos.patimestamp",
-	    FT_STRING, BASE_NONE, NULL, 0, "KerberosTime", HFILL }},
-	{ &hf_krb_pausec,
-	  { "pausec", "kerberos.pausec",
-	    FT_UINT32, BASE_DEC, NULL, 0, "Microseconds", HFILL }},
+	{ &hf_kerberos_strengthen_key,
+      { "strengthen-key", "kerberos.strengthen_key_element",
+        FT_NONE, BASE_NONE, NULL, 0,
+        NULL, HFILL }},
+    { &hf_kerberos_finished,
+      { "finished", "kerberos.finished_element",
+        FT_NONE, BASE_NONE, NULL, 0,
+        "KrbFastFinished", HFILL }},
+    { &hf_kerberos_fast_options,
+      { "fast-options", "kerberos.fast_options",
+        FT_BYTES, BASE_NONE, NULL, 0,
+        "FastOptions", HFILL }},
+    { &hf_kerberos_FastOptions_reserved,
+      { "reserved", "kerberos.FastOptions.reserved",
+        FT_BOOLEAN, 8, NULL, 0x80,
+        NULL, HFILL }},
+    { &hf_kerberos_FastOptions_hide_client_names,
+      { "hide-client-names", "kerberos.FastOptions.hide.client.names",
+        FT_BOOLEAN, 8, NULL, 0x40,
+        NULL, HFILL }},
+    { &hf_kerberos_FastOptions_spare_bit2,
+      { "spare_bit2", "kerberos.FastOptions.spare.bit2",
+        FT_BOOLEAN, 8, NULL, 0x20,
+        NULL, HFILL }},
+    { &hf_kerberos_FastOptions_spare_bit3,
+      { "spare_bit3", "kerberos.FastOptions.spare.bit3",
+        FT_BOOLEAN, 8, NULL, 0x10,
+        NULL, HFILL }},
+    { &hf_kerberos_FastOptions_spare_bit4,
+      { "spare_bit4", "kerberos.FastOptions.spare.bit4",
+        FT_BOOLEAN, 8, NULL, 0x08,
+        NULL, HFILL }},
+    { &hf_kerberos_FastOptions_spare_bit5,
+      { "spare_bit5", "kerberos.FastOptions.spare.bit5",
+        FT_BOOLEAN, 8, NULL, 0x04,
+        NULL, HFILL }},
+    { &hf_kerberos_FastOptions_spare_bit6,
+      { "spare_bit6", "kerberos.FastOptions.spare.bit6",
+        FT_BOOLEAN, 8, NULL, 0x02,
+        NULL, HFILL }},
+    { &hf_kerberos_FastOptions_spare_bit7,
+      { "spare_bit7", "kerberos.FastOptions.spare.bit7",
+        FT_BOOLEAN, 8, NULL, 0x01,
+        NULL, HFILL }},
+    { &hf_kerberos_FastOptions_spare_bit8,
+      { "spare_bit8", "kerberos.FastOptions.spare.bit8",
+        FT_BOOLEAN, 8, NULL, 0x80,
+        NULL, HFILL }},
+    { &hf_kerberos_FastOptions_spare_bit9,
+      { "spare_bit9", "kerberos.FastOptions.spare.bit9",
+        FT_BOOLEAN, 8, NULL, 0x40,
+        NULL, HFILL }},
+    { &hf_kerberos_FastOptions_spare_bit10,
+      { "spare_bit10", "kerberos.FastOptions.spare.bit10",
+        FT_BOOLEAN, 8, NULL, 0x20,
+        NULL, HFILL }},
+    { &hf_kerberos_FastOptions_spare_bit11,
+      { "spare_bit11", "kerberos.FastOptions.spare.bit11",
+        FT_BOOLEAN, 8, NULL, 0x10,
+        NULL, HFILL }},
+    { &hf_kerberos_FastOptions_spare_bit12,
+      { "spare_bit12", "kerberos.FastOptions.spare.bit12",
+        FT_BOOLEAN, 8, NULL, 0x08,
+        NULL, HFILL }},
+    { &hf_kerberos_FastOptions_spare_bit13,
+      { "spare_bit13", "kerberos.FastOptions.spare.bit13",
+        FT_BOOLEAN, 8, NULL, 0x04,
+        NULL, HFILL }},
+    { &hf_kerberos_FastOptions_spare_bit14,
+      { "spare_bit14", "kerberos.FastOptions.spare.bit14",
+        FT_BOOLEAN, 8, NULL, 0x02,
+        NULL, HFILL }},
+    { &hf_kerberos_FastOptions_spare_bit15,
+      { "spare_bit15", "kerberos.FastOptions.spare.bit15",
+        FT_BOOLEAN, 8, NULL, 0x01,
+        NULL, HFILL }},
+    { &hf_kerberos_FastOptions_kdc_follow_referrals,
+      { "kdc-follow-referrals", "kerberos.FastOptions.kdc.follow.referrals",
+        FT_BOOLEAN, 8, NULL, 0x80,
+        NULL, HFILL }},
+    { &hf_kerberos_ticket_checksum,
+      { "ticket-checksum", "kerberos.ticket_checksum_element",
+        FT_NONE, BASE_NONE, NULL, 0,
+        "Checksum", HFILL }},
+    { &hf_krb_patimestamp,
+      { "patimestamp", "kerberos.patimestamp",
+        FT_STRING, BASE_NONE, NULL, 0, "KerberosTime", HFILL }},
+    { &hf_krb_pausec,
+      { "pausec", "kerberos.pausec",
+        FT_UINT32, BASE_DEC, NULL, 0, "Microseconds", HFILL }},
 #endif
 
 #include "packet-kerberos-hfarr.c"
@@ -4387,6 +4608,10 @@ void proto_register_kerberos(void) {
 		&ett_krb_ad_ap_options,
 #ifdef HAVE_KERBEROS
 		&ett_krb_pa_enc_ts_enc,
+	    &ett_kerberos_KrbFastFinished,
+	    &ett_kerberos_KrbFastResponse,
+        &ett_kerberos_KrbFastReq,
+        &ett_kerberos_FastOptions,
 #endif
 #include "packet-kerberos-ettarr.c"
 	};
diff --git a/epan/dissectors/packet-kerberos.c b/epan/dissectors/packet-kerberos.c
index 73fdd64500..9a33ad20ce 100644
--- a/epan/dissectors/packet-kerberos.c
+++ b/epan/dissectors/packet-kerberos.c
@@ -122,8 +122,10 @@ typedef struct {
 	guint32 ad_type;
 	guint32 addr_type;
 	guint32 checksum_type;
+#ifdef HAVE_KERBEROS
 	enc_key_t *last_decryption_key;
 	enc_key_t *last_added_key;
+#endif
 	gint save_encryption_key_parent_hf_index;
 	kerberos_key_save_fn save_encryption_key_fn;
 	guint learnt_key_ids;
@@ -132,14 +134,18 @@ typedef struct {
 	wmem_list_t *learnt_keys;
 	wmem_list_t *missing_keys;
 	guint32 within_PA_TGS_REQ;
+#ifdef HAVE_KERBEROS
 	enc_key_t *PA_TGS_REQ_key;
 	enc_key_t *PA_TGS_REQ_subkey;
+#endif
 	guint32 fast_type;
 	guint32 fast_armor_within_armor_value;
+#ifdef HAVE_KERBEROS
 	enc_key_t *PA_FAST_ARMOR_AP_key;
 	enc_key_t *PA_FAST_ARMOR_AP_subkey;
 	enc_key_t *fast_armor_key;
 	enc_key_t *fast_strengthen_key;
+#endif
 } kerberos_private_data_t;
 
 static dissector_handle_t kerberos_handle_udp;
@@ -164,8 +170,11 @@ static int dissect_kerberos_PA_FX_FAST_REPLY(gboolean implicit_tag _U_, tvbuff_t
 static int dissect_kerberos_PA_PAC_OPTIONS(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
 static int dissect_kerberos_KERB_AD_RESTRICTION_ENTRY(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
 static int dissect_kerberos_SEQUENCE_OF_ENCTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
+#ifdef HAVE_KERBEROS
 static int dissect_kerberos_KrbFastReq(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
 static int dissect_kerberos_KrbFastResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
+static int dissect_kerberos_FastOptions(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_);
+#endif
 
 /* Desegment Kerberos over TCP messages */
 static gboolean krb_desegment = TRUE;
@@ -241,10 +250,32 @@ static gint hf_krb_ad_ap_options = -1;
 static gint hf_krb_ad_ap_options_cbt = -1;
 static gint hf_krb_ad_target_principal = -1;
 static gint hf_krb_key_hidden_item = -1;
-static gint hf_kerberos_KrbFastResponse = -1;
 #ifdef HAVE_KERBEROS
+static gint hf_kerberos_KrbFastResponse = -1;
+static gint hf_kerberos_strengthen_key = -1;
+static gint hf_kerberos_finished = -1;
+static gint hf_kerberos_fast_options = -1;
+static gint hf_kerberos_ticket_checksum = -1;
 static gint hf_krb_patimestamp = -1;
 static gint hf_krb_pausec = -1;
+static gint hf_kerberos_FastOptions_reserved = -1;
+static gint hf_kerberos_FastOptions_hide_client_names = -1;
+static gint hf_kerberos_FastOptions_spare_bit2 = -1;
+static gint hf_kerberos_FastOptions_spare_bit3 = -1;
+static gint hf_kerberos_FastOptions_spare_bit4 = -1;
+static gint hf_kerberos_FastOptions_spare_bit5 = -1;
+static gint hf_kerberos_FastOptions_spare_bit6 = -1;
+static gint hf_kerberos_FastOptions_spare_bit7 = -1;
+static gint hf_kerberos_FastOptions_spare_bit8 = -1;
+static gint hf_kerberos_FastOptions_spare_bit9 = -1;
+static gint hf_kerberos_FastOptions_spare_bit10 = -1;
+static gint hf_kerberos_FastOptions_spare_bit11 = -1;
+static gint hf_kerberos_FastOptions_spare_bit12 = -1;
+static gint hf_kerberos_FastOptions_spare_bit13 = -1;
+static gint hf_kerberos_FastOptions_spare_bit14 = -1;
+static gint hf_kerberos_FastOptions_spare_bit15 = -1;
+static gint hf_kerberos_FastOptions_kdc_follow_referrals = -1;
+
 #endif
 
 /*--- Included file: packet-kerberos-hf.c ---*/
@@ -400,13 +431,9 @@ static int hf_kerberos_encryptedKrbFastReq_cipher = -1;  /* T_encryptedKrbFastRe
 static int hf_kerberos_armor = -1;                /* KrbFastArmor */
 static int hf_kerberos_req_checksum = -1;         /* Checksum */
 static int hf_kerberos_enc_fast_req = -1;         /* EncryptedKrbFastReq */
-static int hf_kerberos_fast_options = -1;         /* FastOptions */
 static int hf_kerberos_armored_data_reply = -1;   /* KrbFastArmoredRep */
 static int hf_kerberos_encryptedKrbFastResponse_cipher = -1;  /* T_encryptedKrbFastResponse_cipher */
 static int hf_kerberos_enc_fast_rep = -1;         /* EncryptedKrbFastResponse */
-static int hf_kerberos_strengthen_key = -1;       /* T_strengthen_key */
-static int hf_kerberos_finished = -1;             /* KrbFastFinished */
-static int hf_kerberos_ticket_checksum = -1;      /* Checksum */
 static int hf_kerberos_encryptedChallenge_cipher = -1;  /* T_encryptedChallenge_cipher */
 /* named bits */
 static int hf_kerberos_APOptions_reserved = -1;
@@ -465,26 +492,9 @@ static int hf_kerberos_PAC_OPTIONS_FLAGS_claims = -1;
 static int hf_kerberos_PAC_OPTIONS_FLAGS_branch_aware = -1;
 static int hf_kerberos_PAC_OPTIONS_FLAGS_forward_to_full_dc = -1;
 static int hf_kerberos_PAC_OPTIONS_FLAGS_resource_based_constrained_delegation = -1;
-static int hf_kerberos_FastOptions_reserved = -1;
-static int hf_kerberos_FastOptions_hide_client_names = -1;
-static int hf_kerberos_FastOptions_spare_bit2 = -1;
-static int hf_kerberos_FastOptions_spare_bit3 = -1;
-static int hf_kerberos_FastOptions_spare_bit4 = -1;
-static int hf_kerberos_FastOptions_spare_bit5 = -1;
-static int hf_kerberos_FastOptions_spare_bit6 = -1;
-static int hf_kerberos_FastOptions_spare_bit7 = -1;
-static int hf_kerberos_FastOptions_spare_bit8 = -1;
-static int hf_kerberos_FastOptions_spare_bit9 = -1;
-static int hf_kerberos_FastOptions_spare_bit10 = -1;
-static int hf_kerberos_FastOptions_spare_bit11 = -1;
-static int hf_kerberos_FastOptions_spare_bit12 = -1;
-static int hf_kerberos_FastOptions_spare_bit13 = -1;
-static int hf_kerberos_FastOptions_spare_bit14 = -1;
-static int hf_kerberos_FastOptions_spare_bit15 = -1;
-static int hf_kerberos_FastOptions_kdc_follow_referrals = -1;
 
 /*--- End of included file: packet-kerberos-hf.c ---*/
-#line 242 "./asn1/kerberos/packet-kerberos-template.c"
+#line 273 "./asn1/kerberos/packet-kerberos-template.c"
 
 /* Initialize the subtree pointers */
 static gint ett_kerberos = -1;
@@ -504,6 +514,10 @@ static gint ett_krb_pa_supported_enctypes = -1;
 static gint ett_krb_ad_ap_options = -1;
 #ifdef HAVE_KERBEROS
 static gint ett_krb_pa_enc_ts_enc = -1;
+static gint ett_kerberos_KrbFastFinished = -1;
+static gint ett_kerberos_KrbFastResponse = -1;
+static gint ett_kerberos_KrbFastReq = -1;
+static gint ett_kerberos_FastOptions = -1;
 #endif
 
 /*--- Included file: packet-kerberos-ett.c ---*/
@@ -576,17 +590,13 @@ static gint ett_kerberos_KrbFastArmor = -1;
 static gint ett_kerberos_PA_FX_FAST_REQUEST = -1;
 static gint ett_kerberos_EncryptedKrbFastReq = -1;
 static gint ett_kerberos_KrbFastArmoredReq = -1;
-static gint ett_kerberos_KrbFastReq = -1;
-static gint ett_kerberos_FastOptions = -1;
 static gint ett_kerberos_PA_FX_FAST_REPLY = -1;
 static gint ett_kerberos_EncryptedKrbFastResponse = -1;
 static gint ett_kerberos_KrbFastArmoredRep = -1;
-static gint ett_kerberos_KrbFastResponse = -1;
-static gint ett_kerberos_KrbFastFinished = -1;
 static gint ett_kerberos_EncryptedChallenge = -1;
 
 /*--- End of included file: packet-kerberos-ett.c ---*/
-#line 263 "./asn1/kerberos/packet-kerberos-template.c"
+#line 298 "./asn1/kerberos/packet-kerberos-template.c"
 
 static expert_field ei_kerberos_missing_keytype = EI_INIT;
 static expert_field ei_kerberos_decrypted_keytype = EI_INIT;
@@ -714,7 +724,7 @@ typedef enum _KERBEROS_KRBFASTARMORTYPES_enum {
 } KERBEROS_KRBFASTARMORTYPES_enum;
 
 /*--- End of included file: packet-kerberos-val.h ---*/
-#line 277 "./asn1/kerberos/packet-kerberos-template.c"
+#line 312 "./asn1/kerberos/packet-kerberos-template.c"
 
 static void
 call_kerberos_callbacks(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int tag, kerberos_callbacks *cb)
@@ -4367,7 +4377,7 @@ static const value_string kerberos_ENCTYPE_vals[] = {
 
 static int
 dissect_kerberos_ENCTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 301 "./asn1/kerberos/kerberos.cnf"
+#line 305 "./asn1/kerberos/kerberos.cnf"
   kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
   offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
                                                 &(private_data->etype));
@@ -4392,7 +4402,7 @@ dissect_kerberos_UInt32(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset
 
 static int
 dissect_kerberos_T_encryptedTicketData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 305 "./asn1/kerberos/kerberos.cnf"
+#line 309 "./asn1/kerberos/kerberos.cnf"
 #ifdef HAVE_KERBEROS
   offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_ticket_data);
 #else
@@ -4519,7 +4529,7 @@ static const value_string kerberos_CKSUMTYPE_vals[] = {
 
 static int
 dissect_kerberos_CKSUMTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 361 "./asn1/kerberos/kerberos.cnf"
+#line 365 "./asn1/kerberos/kerberos.cnf"
   kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
   offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
                                                 &(private_data->checksum_type));
@@ -4534,7 +4544,7 @@ dissect_kerberos_CKSUMTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int off
 
 static int
 dissect_kerberos_T_checksum(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 365 "./asn1/kerberos/kerberos.cnf"
+#line 369 "./asn1/kerberos/kerberos.cnf"
   tvbuff_t *next_tvb;
   kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
 
@@ -4601,7 +4611,7 @@ dissect_kerberos_Int32(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset
 
 static int
 dissect_kerberos_T_keytype(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 379 "./asn1/kerberos/kerberos.cnf"
+#line 383 "./asn1/kerberos/kerberos.cnf"
   kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
 
   private_data->key_hidden_item = proto_tree_add_item(tree, hf_krb_key_hidden_item,
@@ -4623,7 +4633,7 @@ dissect_kerberos_T_keytype(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int off
 
 static int
 dissect_kerberos_T_keyvalue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 392 "./asn1/kerberos/kerberos.cnf"
+#line 396 "./asn1/kerberos/kerberos.cnf"
   tvbuff_t *out_tvb;
   kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
 
@@ -4650,9 +4660,11 @@ static const ber_sequence_t EncryptionKey_sequence[] = {
 
 static int
 dissect_kerberos_EncryptionKey(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 403 "./asn1/kerberos/kerberos.cnf"
+#line 407 "./asn1/kerberos/kerberos.cnf"
   kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
+#ifdef HAVE_KERBEROS
   int start_offset = offset;
+#endif
 
     offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
                                    EncryptionKey_sequence, hf_index, ett_kerberos_EncryptionKey);
@@ -4678,12 +4690,14 @@ dissect_kerberos_EncryptionKey(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int
 
 static int
 dissect_kerberos_T_authenticator_subkey(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 420 "./asn1/kerberos/kerberos.cnf"
+#line 426 "./asn1/kerberos/kerberos.cnf"
   kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
   gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
   kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
   private_data->save_encryption_key_parent_hf_index = hf_kerberos_authenticator;
+#ifdef HAVE_KERBEROS
   private_data->save_encryption_key_fn = save_Authenticator_subkey;
+#endif
   offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index);
 
   private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
@@ -4725,7 +4739,7 @@ static const value_string kerberos_AUTHDATA_TYPE_vals[] = {
 
 static int
 dissect_kerberos_AUTHDATA_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 489 "./asn1/kerberos/kerberos.cnf"
+#line 495 "./asn1/kerberos/kerberos.cnf"
   kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
   offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
                                                 &(private_data->ad_type));
@@ -4740,7 +4754,7 @@ dissect_kerberos_AUTHDATA_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int
 
 static int
 dissect_kerberos_T_ad_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 493 "./asn1/kerberos/kerberos.cnf"
+#line 499 "./asn1/kerberos/kerberos.cnf"
   kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
 
   switch(private_data->ad_type){
@@ -4870,12 +4884,14 @@ dissect_kerberos_TicketFlags(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int o
 
 static int
 dissect_kerberos_T_encTicketPart_key(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 459 "./asn1/kerberos/kerberos.cnf"
+#line 471 "./asn1/kerberos/kerberos.cnf"
   kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
   gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
   kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
   private_data->save_encryption_key_parent_hf_index = hf_kerberos_encTicketPart;
+#ifdef HAVE_KERBEROS
   private_data->save_encryption_key_fn = save_EncTicketPart_key;
+#endif
   offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index);
 
   private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
@@ -4927,7 +4943,7 @@ static const value_string kerberos_ADDR_TYPE_vals[] = {
 
 static int
 dissect_kerberos_ADDR_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 526 "./asn1/kerberos/kerberos.cnf"
+#line 532 "./asn1/kerberos/kerberos.cnf"
   kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
   offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
                                                 &(private_data->addr_type));
@@ -4942,7 +4958,7 @@ dissect_kerberos_ADDR_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int off
 
 static int
 dissect_kerberos_T_address(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 250 "./asn1/kerberos/kerberos.cnf"
+#line 254 "./asn1/kerberos/kerberos.cnf"
   gint8 appclass;
   gboolean pc;
   gint32 tag;
@@ -5075,7 +5091,7 @@ static const value_string kerberos_MESSAGE_TYPE_vals[] = {
 
 static int
 dissect_kerberos_MESSAGE_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 87 "./asn1/kerberos/kerberos.cnf"
+#line 91 "./asn1/kerberos/kerberos.cnf"
   kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
   guint32 msgtype;
 
@@ -5085,7 +5101,7 @@ dissect_kerberos_MESSAGE_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int
 
 
 
-#line 93 "./asn1/kerberos/kerberos.cnf"
+#line 97 "./asn1/kerberos/kerberos.cnf"
   if (gbl_do_col_info) {
     col_add_str(actx->pinfo->cinfo, COL_INFO,
       val_to_str(msgtype, krb5_msg_types,
@@ -5177,14 +5193,14 @@ static const value_string kerberos_PADATA_TYPE_vals[] = {
 
 static int
 dissect_kerberos_PADATA_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 152 "./asn1/kerberos/kerberos.cnf"
+#line 156 "./asn1/kerberos/kerberos.cnf"
   kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
   offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
                                                 &(private_data->padata_type));
 
 
 
-#line 155 "./asn1/kerberos/kerberos.cnf"
+#line 159 "./asn1/kerberos/kerberos.cnf"
   if(tree){
     proto_item_append_text(tree, " %s",
       val_to_str(private_data->padata_type, kerberos_PADATA_TYPE_vals,
@@ -5199,7 +5215,7 @@ dissect_kerberos_PADATA_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int o
 
 static int
 dissect_kerberos_T_padata_value(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 162 "./asn1/kerberos/kerberos.cnf"
+#line 166 "./asn1/kerberos/kerberos.cnf"
   proto_tree *sub_tree=tree;
   kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
 
@@ -5383,7 +5399,7 @@ dissect_kerberos_SEQUENCE_OF_ENCTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U
 
 static int
 dissect_kerberos_T_encryptedAuthorizationData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 312 "./asn1/kerberos/kerberos.cnf"
+#line 316 "./asn1/kerberos/kerberos.cnf"
 #ifdef HAVE_KERBEROS
   offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_authorization_data);
 #else
@@ -5445,7 +5461,7 @@ static const ber_sequence_t KDC_REQ_BODY_sequence[] = {
 
 static int
 dissect_kerberos_KDC_REQ_BODY(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 530 "./asn1/kerberos/kerberos.cnf"
+#line 536 "./asn1/kerberos/kerberos.cnf"
   conversation_t *conversation;
 
   /*
@@ -5506,7 +5522,7 @@ dissect_kerberos_AS_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset
 
 static int
 dissect_kerberos_T_encryptedKDCREPData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 326 "./asn1/kerberos/kerberos.cnf"
+#line 330 "./asn1/kerberos/kerberos.cnf"
 #ifdef HAVE_KERBEROS
   offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KDC_REP_data);
 #else
@@ -5607,7 +5623,7 @@ dissect_kerberos_APOptions(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int off
 
 static int
 dissect_kerberos_T_encryptedAuthenticator_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 319 "./asn1/kerberos/kerberos.cnf"
+#line 323 "./asn1/kerberos/kerberos.cnf"
 #ifdef HAVE_KERBEROS
   offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_authenticator_data);
 #else
@@ -5669,7 +5685,7 @@ dissect_kerberos_AP_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset
 
 static int
 dissect_kerberos_T_encryptedAPREPData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 340 "./asn1/kerberos/kerberos.cnf"
+#line 344 "./asn1/kerberos/kerberos.cnf"
 #ifdef HAVE_KERBEROS
   offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_AP_REP_data);
 #else
@@ -5729,7 +5745,7 @@ dissect_kerberos_AP_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset
 
 static int
 dissect_kerberos_T_kRB_SAFE_BODY_user_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 553 "./asn1/kerberos/kerberos.cnf"
+#line 559 "./asn1/kerberos/kerberos.cnf"
   kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
   tvbuff_t *new_tvb;
   offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb);
@@ -5792,7 +5808,7 @@ dissect_kerberos_KRB_SAFE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offs
 
 static int
 dissect_kerberos_T_encryptedKrbPrivData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 347 "./asn1/kerberos/kerberos.cnf"
+#line 351 "./asn1/kerberos/kerberos.cnf"
 #ifdef HAVE_KERBEROS
   offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PRIV_data);
 #else
@@ -5852,7 +5868,7 @@ dissect_kerberos_KRB_PRIV(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offs
 
 static int
 dissect_kerberos_T_encryptedKrbCredData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 354 "./asn1/kerberos/kerberos.cnf"
+#line 358 "./asn1/kerberos/kerberos.cnf"
 #ifdef HAVE_KERBEROS
   offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_CRED_data);
 #else
@@ -5913,7 +5929,7 @@ dissect_kerberos_KRB_CRED(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offs
 
 static int
 dissect_kerberos_T_encKDCRepPart_key(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 440 "./asn1/kerberos/kerberos.cnf"
+#line 450 "./asn1/kerberos/kerberos.cnf"
   kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
   gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
   kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
@@ -5927,7 +5943,9 @@ dissect_kerberos_T_encKDCRepPart_key(gboolean implicit_tag _U_, tvbuff_t *tvb _U
   default:
     private_data->save_encryption_key_parent_hf_index = -1;
   }
+#ifdef HAVE_KERBEROS
   private_data->save_encryption_key_fn = save_EncKDCRepPart_key;
+#endif
   offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index);
 
   private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
@@ -6005,14 +6023,14 @@ dissect_kerberos_METHOD_DATA(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int o
 
 static int
 dissect_kerberos_T_encrypted_pa_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 569 "./asn1/kerberos/kerberos.cnf"
+#line 575 "./asn1/kerberos/kerberos.cnf"
   kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
   private_data->is_enc_padata = TRUE;
 
 
   offset = dissect_kerberos_METHOD_DATA(implicit_tag, tvb, offset, actx, tree, hf_index);
 
-#line 573 "./asn1/kerberos/kerberos.cnf"
+#line 579 "./asn1/kerberos/kerberos.cnf"
   private_data->is_enc_padata = FALSE;
 
 
@@ -6069,12 +6087,14 @@ dissect_kerberos_EncTGSRepPart(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int
 
 static int
 dissect_kerberos_T_encAPRepPart_subkey(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 430 "./asn1/kerberos/kerberos.cnf"
+#line 438 "./asn1/kerberos/kerberos.cnf"
   kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
   gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
   kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
   private_data->save_encryption_key_parent_hf_index = hf_kerberos_encAPRepPart;
+#ifdef HAVE_KERBEROS
   private_data->save_encryption_key_fn = save_EncAPRepPart_subkey;
+#endif
   offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index);
 
   private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
@@ -6116,7 +6136,7 @@ dissect_kerberos_EncAPRepPart(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int
 
 static int
 dissect_kerberos_T_encKrbPrivPart_user_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 561 "./asn1/kerberos/kerberos.cnf"
+#line 567 "./asn1/kerberos/kerberos.cnf"
   kerberos_private_data_t* private_data = kerberos_get_private_data(actx);
   tvbuff_t *new_tvb;
   offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb);
@@ -6162,12 +6182,14 @@ dissect_kerberos_ENC_KRB_PRIV_PART(gboolean implicit_tag _U_, tvbuff_t *tvb _U_,
 
 static int
 dissect_kerberos_T_krbCredInfo_key(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 469 "./asn1/kerberos/kerberos.cnf"
+#line 483 "./asn1/kerberos/kerberos.cnf"
   kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
   gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
   kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
   private_data->save_encryption_key_parent_hf_index = hf_kerberos_ticket_info_item;
+#ifdef HAVE_KERBEROS
   private_data->save_encryption_key_fn = save_KrbCredInfo_key;
+#endif
   offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index);
 
   private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
@@ -6349,7 +6371,7 @@ static const value_string kerberos_ERROR_CODE_vals[] = {
 
 static int
 dissect_kerberos_ERROR_CODE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 109 "./asn1/kerberos/kerberos.cnf"
+#line 113 "./asn1/kerberos/kerberos.cnf"
   kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
   offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
                                                 &private_data->errorcode);
@@ -6357,7 +6379,7 @@ dissect_kerberos_ERROR_CODE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int of
 
 
 
-#line 113 "./asn1/kerberos/kerberos.cnf"
+#line 117 "./asn1/kerberos/kerberos.cnf"
   if (private_data->errorcode) {
     col_add_fstr(actx->pinfo->cinfo, COL_INFO,
       "KRB Error: %s",
@@ -6373,7 +6395,7 @@ dissect_kerberos_ERROR_CODE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int of
 
 static int
 dissect_kerberos_T_e_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 122 "./asn1/kerberos/kerberos.cnf"
+#line 126 "./asn1/kerberos/kerberos.cnf"
   kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
 
   switch (private_data->errorcode) {
@@ -6481,7 +6503,7 @@ dissect_kerberos_Applications(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int
 
 static int
 dissect_kerberos_T_pA_ENC_TIMESTAMP_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 333 "./asn1/kerberos/kerberos.cnf"
+#line 337 "./asn1/kerberos/kerberos.cnf"
 #ifdef HAVE_KERBEROS
   offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PA_ENC_TIMESTAMP);
 #else
@@ -6632,7 +6654,7 @@ dissect_kerberos_PA_S4U2Self(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int o
 
 static int
 dissect_kerberos_T_subject_certificate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 523 "./asn1/kerberos/kerberos.cnf"
+#line 529 "./asn1/kerberos/kerberos.cnf"
   offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset,hf_index, dissect_x509af_Certificate);
 
 
@@ -6783,7 +6805,7 @@ static const value_string kerberos_KrbFastArmorTypes_vals[] = {
 
 static int
 dissect_kerberos_KrbFastArmorTypes(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 600 "./asn1/kerberos/kerberos.cnf"
+#line 606 "./asn1/kerberos/kerberos.cnf"
   kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
   offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index,
                                                 &(private_data->fast_type));
@@ -6798,7 +6820,7 @@ dissect_kerberos_KrbFastArmorTypes(gboolean implicit_tag _U_, tvbuff_t *tvb _U_,
 
 static int
 dissect_kerberos_T_armor_value(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 604 "./asn1/kerberos/kerberos.cnf"
+#line 610 "./asn1/kerberos/kerberos.cnf"
   kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
 
   switch(private_data->fast_type){
@@ -6835,7 +6857,7 @@ dissect_kerberos_KrbFastArmor(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int
 
 static int
 dissect_kerberos_T_encryptedKrbFastReq_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 576 "./asn1/kerberos/kerberos.cnf"
+#line 582 "./asn1/kerberos/kerberos.cnf"
 #ifdef HAVE_KERBEROS
   offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KrbFastReq);
 #else
@@ -6898,57 +6920,10 @@ dissect_kerberos_PA_FX_FAST_REQUEST(gboolean implicit_tag _U_, tvbuff_t *tvb _U_
 }
 
 
-static const int * FastOptions_bits[] = {
-  &hf_kerberos_FastOptions_reserved,
-  &hf_kerberos_FastOptions_hide_client_names,
-  &hf_kerberos_FastOptions_spare_bit2,
-  &hf_kerberos_FastOptions_spare_bit3,
-  &hf_kerberos_FastOptions_spare_bit4,
-  &hf_kerberos_FastOptions_spare_bit5,
-  &hf_kerberos_FastOptions_spare_bit6,
-  &hf_kerberos_FastOptions_spare_bit7,
-  &hf_kerberos_FastOptions_spare_bit8,
-  &hf_kerberos_FastOptions_spare_bit9,
-  &hf_kerberos_FastOptions_spare_bit10,
-  &hf_kerberos_FastOptions_spare_bit11,
-  &hf_kerberos_FastOptions_spare_bit12,
-  &hf_kerberos_FastOptions_spare_bit13,
-  &hf_kerberos_FastOptions_spare_bit14,
-  &hf_kerberos_FastOptions_spare_bit15,
-  &hf_kerberos_FastOptions_kdc_follow_referrals,
-  NULL
-};
-
-static int
-dissect_kerberos_FastOptions(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-  offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset,
-                                    FastOptions_bits, 17, hf_index, ett_kerberos_FastOptions,
-                                    NULL);
-
-  return offset;
-}
-
-
-static const ber_sequence_t KrbFastReq_sequence[] = {
-  { &hf_kerberos_fast_options, BER_CLASS_CON, 0, 0, dissect_kerberos_FastOptions },
-  { &hf_kerberos_padata     , BER_CLASS_CON, 1, 0, dissect_kerberos_SEQUENCE_OF_PA_DATA },
-  { &hf_kerberos_req_body   , BER_CLASS_CON, 2, 0, dissect_kerberos_KDC_REQ_BODY },
-  { NULL, 0, 0, 0, NULL }
-};
-
-static int
-dissect_kerberos_KrbFastReq(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-  offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
-                                   KrbFastReq_sequence, hf_index, ett_kerberos_KrbFastReq);
-
-  return offset;
-}
-
-
 
 static int
 dissect_kerberos_T_encryptedKrbFastResponse_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 584 "./asn1/kerberos/kerberos.cnf"
+#line 590 "./asn1/kerberos/kerberos.cnf"
 #ifdef HAVE_KERBEROS
   offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KrbFastResponse);
 #else
@@ -7011,24 +6986,73 @@ dissect_kerberos_PA_FX_FAST_REPLY(gboolean implicit_tag _U_, tvbuff_t *tvb _U_,
 
 
 static int
+dissect_kerberos_T_encryptedChallenge_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+#line 598 "./asn1/kerberos/kerberos.cnf"
+#ifdef HAVE_KERBEROS
+  offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_EncryptedChallenge);
+#else
+  offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
+                                       NULL);
+
+#endif
+  return offset;
+
+
+
+  return offset;
+}
+
+
+static const ber_sequence_t EncryptedChallenge_sequence[] = {
+  { &hf_kerberos_etype      , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
+  { &hf_kerberos_kvno       , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
+  { &hf_kerberos_encryptedChallenge_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedChallenge_cipher },
+  { NULL, 0, 0, 0, NULL }
+};
+
+static int
+dissect_kerberos_EncryptedChallenge(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
+                                   EncryptedChallenge_sequence, hf_index, ett_kerberos_EncryptedChallenge);
+
+  return offset;
+}
+
+
+/*--- End of included file: packet-kerberos-fn.c ---*/
+#line 3819 "./asn1/kerberos/packet-kerberos-template.c"
+
+#ifdef HAVE_KERBEROS
+static const ber_sequence_t PA_ENC_TS_ENC_sequence[] = {
+	{ &hf_krb_patimestamp, BER_CLASS_CON, 0, 0, dissect_kerberos_KerberosTime },
+	{ &hf_krb_pausec     , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_Microseconds },
+	{ NULL, 0, 0, 0, NULL }
+};
+
+static int
+dissect_kerberos_PA_ENC_TS_ENC(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+	offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
+									PA_ENC_TS_ENC_sequence, hf_index, ett_krb_pa_enc_ts_enc);
+	return offset;
+}
+
+static int
 dissect_kerberos_T_strengthen_key(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 479 "./asn1/kerberos/kerberos.cnf"
+#line 491 "./asn1/kerberos/kerberos.cnf"
   kerberos_private_data_t *private_data = kerberos_get_private_data(actx);
   gint save_encryption_key_parent_hf_index = private_data->save_encryption_key_parent_hf_index;
   kerberos_key_save_fn saved_encryption_key_fn = private_data->save_encryption_key_fn;
   private_data->save_encryption_key_parent_hf_index = hf_kerberos_KrbFastResponse;
+#ifdef HAVE_KERBEROS
   private_data->save_encryption_key_fn = save_KrbFastResponse_strengthen_key;
+#endif
   offset = dissect_kerberos_EncryptionKey(implicit_tag, tvb, offset, actx, tree, hf_index);
 
   private_data->save_encryption_key_parent_hf_index = save_encryption_key_parent_hf_index;
   private_data->save_encryption_key_fn = saved_encryption_key_fn;
-
-
-
   return offset;
 }
 
-
 static const ber_sequence_t KrbFastFinished_sequence[] = {
   { &hf_kerberos_timestamp  , BER_CLASS_CON, 0, 0, dissect_kerberos_KerberosTime },
   { &hf_kerberos_usec       , BER_CLASS_CON, 1, 0, dissect_kerberos_Microseconds },
@@ -7046,7 +7070,6 @@ dissect_kerberos_KrbFastFinished(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, i
   return offset;
 }
 
-
 static const ber_sequence_t KrbFastResponse_sequence[] = {
   { &hf_kerberos_padata     , BER_CLASS_CON, 0, 0, dissect_kerberos_SEQUENCE_OF_PA_DATA },
   { &hf_kerberos_strengthen_key, BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_T_strengthen_key },
@@ -7063,58 +7086,51 @@ dissect_kerberos_KrbFastResponse(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, i
   return offset;
 }
 
-
-
-static int
-dissect_kerberos_T_encryptedChallenge_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-#line 592 "./asn1/kerberos/kerberos.cnf"
-#ifdef HAVE_KERBEROS
-  offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_EncryptedChallenge);
-#else
-  offset = dissect_ber_octet_string(implicit_tag, actx, tree, tvb, offset, hf_index,
-                                       NULL);
-
-#endif
-  return offset;
-
-
-
-  return offset;
-}
-
-
-static const ber_sequence_t EncryptedChallenge_sequence[] = {
-  { &hf_kerberos_etype      , BER_CLASS_CON, 0, 0, dissect_kerberos_ENCTYPE },
-  { &hf_kerberos_kvno       , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_UInt32 },
-  { &hf_kerberos_encryptedChallenge_cipher, BER_CLASS_CON, 2, 0, dissect_kerberos_T_encryptedChallenge_cipher },
+static const ber_sequence_t KrbFastReq_sequence[] = {
+  { &hf_kerberos_fast_options, BER_CLASS_CON, 0, 0, dissect_kerberos_FastOptions },
+  { &hf_kerberos_padata     , BER_CLASS_CON, 1, 0, dissect_kerberos_SEQUENCE_OF_PA_DATA },
+  { &hf_kerberos_req_body   , BER_CLASS_CON, 2, 0, dissect_kerberos_KDC_REQ_BODY },
   { NULL, 0, 0, 0, NULL }
 };
 
 static int
-dissect_kerberos_EncryptedChallenge(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+dissect_kerberos_KrbFastReq(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
   offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
-                                   EncryptedChallenge_sequence, hf_index, ett_kerberos_EncryptedChallenge);
+                                   KrbFastReq_sequence, hf_index, ett_kerberos_KrbFastReq);
 
   return offset;
 }
 
-
-/*--- End of included file: packet-kerberos-fn.c ---*/
-#line 3784 "./asn1/kerberos/packet-kerberos-template.c"
-
-#ifdef HAVE_KERBEROS
-static const ber_sequence_t PA_ENC_TS_ENC_sequence[] = {
-	{ &hf_krb_patimestamp, BER_CLASS_CON, 0, 0, dissect_kerberos_KerberosTime },
-	{ &hf_krb_pausec     , BER_CLASS_CON, 1, BER_FLAGS_OPTIONAL, dissect_kerberos_Microseconds },
-	{ NULL, 0, 0, 0, NULL }
+static const int * FastOptions_bits[] = {
+  &hf_kerberos_FastOptions_reserved,
+  &hf_kerberos_FastOptions_hide_client_names,
+  &hf_kerberos_FastOptions_spare_bit2,
+  &hf_kerberos_FastOptions_spare_bit3,
+  &hf_kerberos_FastOptions_spare_bit4,
+  &hf_kerberos_FastOptions_spare_bit5,
+  &hf_kerberos_FastOptions_spare_bit6,
+  &hf_kerberos_FastOptions_spare_bit7,
+  &hf_kerberos_FastOptions_spare_bit8,
+  &hf_kerberos_FastOptions_spare_bit9,
+  &hf_kerberos_FastOptions_spare_bit10,
+  &hf_kerberos_FastOptions_spare_bit11,
+  &hf_kerberos_FastOptions_spare_bit12,
+  &hf_kerberos_FastOptions_spare_bit13,
+  &hf_kerberos_FastOptions_spare_bit14,
+  &hf_kerberos_FastOptions_spare_bit15,
+  &hf_kerberos_FastOptions_kdc_follow_referrals,
+  NULL
 };
 
 static int
-dissect_kerberos_PA_ENC_TS_ENC(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
-	offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
-									PA_ENC_TS_ENC_sequence, hf_index, ett_krb_pa_enc_ts_enc);
-	return offset;
+dissect_kerberos_FastOptions(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_bitstring(implicit_tag, actx, tree, tvb, offset,
+                                    FastOptions_bits, 17, hf_index, ett_kerberos_FastOptions,
+                                    NULL);
+
+  return offset;
 }
+
 #endif
 
 /* Make wrappers around exported functions for now */
@@ -7154,8 +7170,13 @@ struct kerberos_display_key_state {
 };
 
 static void
+#ifdef HAVE_KERBEROS
 kerberos_display_key(gpointer data, gpointer userdata)
+#else
+kerberos_display_key(gpointer data _U_, gpointer userdata _U_)
+#endif
 {
+#ifdef HAVE_KERBEROS
 	struct kerberos_display_key_state *state =
 		(struct kerberos_display_key_state *)userdata;
 	const enc_key_t *ek = (const enc_key_t *)data;
@@ -7209,6 +7230,7 @@ kerberos_display_key(gpointer data, gpointer userdata)
 				       sek->keyvalue[2] & 0xFF, sek->keyvalue[3] & 0xFF);
 		sek = sek->same_list;
 	}
+#endif
 }
 
 static gint
@@ -7673,16 +7695,100 @@ void proto_register_kerberos(void) {
 	{ &hf_krb_key_hidden_item,
 	  { "KeyHiddenItem", "krb5.key_hidden_item",
 	    FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
+#ifdef HAVE_KERBEROS
 	{ &hf_kerberos_KrbFastResponse,
 	   { "KrbFastResponse", "kerberos.KrbFastResponse_element",
 	    FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL }},
-#ifdef HAVE_KERBEROS
-	{ &hf_krb_patimestamp,
-	  { "patimestamp", "kerberos.patimestamp",
-	    FT_STRING, BASE_NONE, NULL, 0, "KerberosTime", HFILL }},
-	{ &hf_krb_pausec,
-	  { "pausec", "kerberos.pausec",
-	    FT_UINT32, BASE_DEC, NULL, 0, "Microseconds", HFILL }},
+	{ &hf_kerberos_strengthen_key,
+      { "strengthen-key", "kerberos.strengthen_key_element",
+        FT_NONE, BASE_NONE, NULL, 0,
+        NULL, HFILL }},
+    { &hf_kerberos_finished,
+      { "finished", "kerberos.finished_element",
+        FT_NONE, BASE_NONE, NULL, 0,
+        "KrbFastFinished", HFILL }},
+    { &hf_kerberos_fast_options,
+      { "fast-options", "kerberos.fast_options",
+        FT_BYTES, BASE_NONE, NULL, 0,
+        "FastOptions", HFILL }},
+    { &hf_kerberos_FastOptions_reserved,
+      { "reserved", "kerberos.FastOptions.reserved",
+        FT_BOOLEAN, 8, NULL, 0x80,
+        NULL, HFILL }},
+    { &hf_kerberos_FastOptions_hide_client_names,
+      { "hide-client-names", "kerberos.FastOptions.hide.client.names",
+        FT_BOOLEAN, 8, NULL, 0x40,
+        NULL, HFILL }},
+    { &hf_kerberos_FastOptions_spare_bit2,
+      { "spare_bit2", "kerberos.FastOptions.spare.bit2",
+        FT_BOOLEAN, 8, NULL, 0x20,
+        NULL, HFILL }},
+    { &hf_kerberos_FastOptions_spare_bit3,
+      { "spare_bit3", "kerberos.FastOptions.spare.bit3",
+        FT_BOOLEAN, 8, NULL, 0x10,
+        NULL, HFILL }},
+    { &hf_kerberos_FastOptions_spare_bit4,
+      { "spare_bit4", "kerberos.FastOptions.spare.bit4",
+        FT_BOOLEAN, 8, NULL, 0x08,
+        NULL, HFILL }},
+    { &hf_kerberos_FastOptions_spare_bit5,
+      { "spare_bit5", "kerberos.FastOptions.spare.bit5",
+        FT_BOOLEAN, 8, NULL, 0x04,
+        NULL, HFILL }},
+    { &hf_kerberos_FastOptions_spare_bit6,
+      { "spare_bit6", "kerberos.FastOptions.spare.bit6",
+        FT_BOOLEAN, 8, NULL, 0x02,
+        NULL, HFILL }},
+    { &hf_kerberos_FastOptions_spare_bit7,
+      { "spare_bit7", "kerberos.FastOptions.spare.bit7",
+        FT_BOOLEAN, 8, NULL, 0x01,
+        NULL, HFILL }},
+    { &hf_kerberos_FastOptions_spare_bit8,
+      { "spare_bit8", "kerberos.FastOptions.spare.bit8",
+        FT_BOOLEAN, 8, NULL, 0x80,
+        NULL, HFILL }},
+    { &hf_kerberos_FastOptions_spare_bit9,
+      { "spare_bit9", "kerberos.FastOptions.spare.bit9",
+        FT_BOOLEAN, 8, NULL, 0x40,
+        NULL, HFILL }},
+    { &hf_kerberos_FastOptions_spare_bit10,
+      { "spare_bit10", "kerberos.FastOptions.spare.bit10",
+        FT_BOOLEAN, 8, NULL, 0x20,
+        NULL, HFILL }},
+    { &hf_kerberos_FastOptions_spare_bit11,
+      { "spare_bit11", "kerberos.FastOptions.spare.bit11",
+        FT_BOOLEAN, 8, NULL, 0x10,
+        NULL, HFILL }},
+    { &hf_kerberos_FastOptions_spare_bit12,
+      { "spare_bit12", "kerberos.FastOptions.spare.bit12",
+        FT_BOOLEAN, 8, NULL, 0x08,
+        NULL, HFILL }},
+    { &hf_kerberos_FastOptions_spare_bit13,
+      { "spare_bit13", "kerberos.FastOptions.spare.bit13",
+        FT_BOOLEAN, 8, NULL, 0x04,
+        NULL, HFILL }},
+    { &hf_kerberos_FastOptions_spare_bit14,
+      { "spare_bit14", "kerberos.FastOptions.spare.bit14",
+        FT_BOOLEAN, 8, NULL, 0x02,
+        NULL, HFILL }},
+    { &hf_kerberos_FastOptions_spare_bit15,
+      { "spare_bit15", "kerberos.FastOptions.spare.bit15",
+        FT_BOOLEAN, 8, NULL, 0x01,
+        NULL, HFILL }},
+    { &hf_kerberos_FastOptions_kdc_follow_referrals,
+      { "kdc-follow-referrals", "kerberos.FastOptions.kdc.follow.referrals",
+        FT_BOOLEAN, 8, NULL, 0x80,
+        NULL, HFILL }},
+    { &hf_kerberos_ticket_checksum,
+      { "ticket-checksum", "kerberos.ticket_checksum_element",
+        FT_NONE, BASE_NONE, NULL, 0,
+        "Checksum", HFILL }},
+    { &hf_krb_patimestamp,
+      { "patimestamp", "kerberos.patimestamp",
+        FT_STRING, BASE_NONE, NULL, 0, "KerberosTime", HFILL }},
+    { &hf_krb_pausec,
+      { "pausec", "kerberos.pausec",
+        FT_UINT32, BASE_DEC, NULL, 0, "Microseconds", HFILL }},
 #endif
 
 
@@ -8292,10 +8398,6 @@ void proto_register_kerberos(void) {
       { "enc-fast-req", "kerberos.enc_fast_req_element",
         FT_NONE, BASE_NONE, NULL, 0,
         "EncryptedKrbFastReq", HFILL }},
-    { &hf_kerberos_fast_options,
-      { "fast-options", "kerberos.fast_options",
-        FT_BYTES, BASE_NONE, NULL, 0,
-        "FastOptions", HFILL }},
     { &hf_kerberos_armored_data_reply,
       { "armored-data", "kerberos.armored_data_element",
         FT_NONE, BASE_NONE, NULL, 0,
@@ -8308,18 +8410,6 @@ void proto_register_kerberos(void) {
       { "enc-fast-rep", "kerberos.enc_fast_rep_element",
         FT_NONE, BASE_NONE, NULL, 0,
         "EncryptedKrbFastResponse", HFILL }},
-    { &hf_kerberos_strengthen_key,
-      { "strengthen-key", "kerberos.strengthen_key_element",
-        FT_NONE, BASE_NONE, NULL, 0,
-        NULL, HFILL }},
-    { &hf_kerberos_finished,
-      { "finished", "kerberos.finished_element",
-        FT_NONE, BASE_NONE, NULL, 0,
-        "KrbFastFinished", HFILL }},
-    { &hf_kerberos_ticket_checksum,
-      { "ticket-checksum", "kerberos.ticket_checksum_element",
-        FT_NONE, BASE_NONE, NULL, 0,
-        "Checksum", HFILL }},
     { &hf_kerberos_encryptedChallenge_cipher,
       { "cipher", "kerberos.cipher",
         FT_BYTES, BASE_NONE, NULL, 0,
@@ -8548,77 +8638,9 @@ void proto_register_kerberos(void) {
       { "resource-based-constrained-delegation", "kerberos.PAC.OPTIONS.FLAGS.resource.based.constrained.delegation",
         FT_BOOLEAN, 8, NULL, 0x10,
         NULL, HFILL }},
-    { &hf_kerberos_FastOptions_reserved,
-      { "reserved", "kerberos.FastOptions.reserved",
-        FT_BOOLEAN, 8, NULL, 0x80,
-        NULL, HFILL }},
-    { &hf_kerberos_FastOptions_hide_client_names,
-      { "hide-client-names", "kerberos.FastOptions.hide.client.names",
-        FT_BOOLEAN, 8, NULL, 0x40,
-        NULL, HFILL }},
-    { &hf_kerberos_FastOptions_spare_bit2,
-      { "spare_bit2", "kerberos.FastOptions.spare.bit2",
-        FT_BOOLEAN, 8, NULL, 0x20,
-        NULL, HFILL }},
-    { &hf_kerberos_FastOptions_spare_bit3,
-      { "spare_bit3", "kerberos.FastOptions.spare.bit3",
-        FT_BOOLEAN, 8, NULL, 0x10,
-        NULL, HFILL }},
-    { &hf_kerberos_FastOptions_spare_bit4,
-      { "spare_bit4", "kerberos.FastOptions.spare.bit4",
-        FT_BOOLEAN, 8, NULL, 0x08,
-        NULL, HFILL }},
-    { &hf_kerberos_FastOptions_spare_bit5,
-      { "spare_bit5", "kerberos.FastOptions.spare.bit5",
-        FT_BOOLEAN, 8, NULL, 0x04,
-        NULL, HFILL }},
-    { &hf_kerberos_FastOptions_spare_bit6,
-      { "spare_bit6", "kerberos.FastOptions.spare.bit6",
-        FT_BOOLEAN, 8, NULL, 0x02,
-        NULL, HFILL }},
-    { &hf_kerberos_FastOptions_spare_bit7,
-      { "spare_bit7", "kerberos.FastOptions.spare.bit7",
-        FT_BOOLEAN, 8, NULL, 0x01,
-        NULL, HFILL }},
-    { &hf_kerberos_FastOptions_spare_bit8,
-      { "spare_bit8", "kerberos.FastOptions.spare.bit8",
-        FT_BOOLEAN, 8, NULL, 0x80,
-        NULL, HFILL }},
-    { &hf_kerberos_FastOptions_spare_bit9,
-      { "spare_bit9", "kerberos.FastOptions.spare.bit9",
-        FT_BOOLEAN, 8, NULL, 0x40,
-        NULL, HFILL }},
-    { &hf_kerberos_FastOptions_spare_bit10,
-      { "spare_bit10", "kerberos.FastOptions.spare.bit10",
-        FT_BOOLEAN, 8, NULL, 0x20,
-        NULL, HFILL }},
-    { &hf_kerberos_FastOptions_spare_bit11,
-      { "spare_bit11", "kerberos.FastOptions.spare.bit11",
-        FT_BOOLEAN, 8, NULL, 0x10,
-        NULL, HFILL }},
-    { &hf_kerberos_FastOptions_spare_bit12,
-      { "spare_bit12", "kerberos.FastOptions.spare.bit12",
-        FT_BOOLEAN, 8, NULL, 0x08,
-        NULL, HFILL }},
-    { &hf_kerberos_FastOptions_spare_bit13,
-      { "spare_bit13", "kerberos.FastOptions.spare.bit13",
-        FT_BOOLEAN, 8, NULL, 0x04,
-        NULL, HFILL }},
-    { &hf_kerberos_FastOptions_spare_bit14,
-      { "spare_bit14", "kerberos.FastOptions.spare.bit14",
-        FT_BOOLEAN, 8, NULL, 0x02,
-        NULL, HFILL }},
-    { &hf_kerberos_FastOptions_spare_bit15,
-      { "spare_bit15", "kerberos.FastOptions.spare.bit15",
-        FT_BOOLEAN, 8, NULL, 0x01,
-        NULL, HFILL }},
-    { &hf_kerberos_FastOptions_kdc_follow_referrals,
-      { "kdc-follow-referrals", "kerberos.FastOptions.kdc.follow.referrals",
-        FT_BOOLEAN, 8, NULL, 0x80,
-        NULL, HFILL }},
 
 /*--- End of included file: packet-kerberos-hfarr.c ---*/
-#line 4369 "./asn1/kerberos/packet-kerberos-template.c"
+#line 4590 "./asn1/kerberos/packet-kerberos-template.c"
 	};
 
 	/* List of subtrees */
@@ -8640,6 +8662,10 @@ void proto_register_kerberos(void) {
 		&ett_krb_ad_ap_options,
 #ifdef HAVE_KERBEROS
 		&ett_krb_pa_enc_ts_enc,
+	    &ett_kerberos_KrbFastFinished,
+	    &ett_kerberos_KrbFastResponse,
+        &ett_kerberos_KrbFastReq,
+        &ett_kerberos_FastOptions,
 #endif
 
 /*--- Included file: packet-kerberos-ettarr.c ---*/
@@ -8712,17 +8738,13 @@ void proto_register_kerberos(void) {
     &ett_kerberos_PA_FX_FAST_REQUEST,
     &ett_kerberos_EncryptedKrbFastReq,
     &ett_kerberos_KrbFastArmoredReq,
-    &ett_kerberos_KrbFastReq,
-    &ett_kerberos_FastOptions,
     &ett_kerberos_PA_FX_FAST_REPLY,
     &ett_kerberos_EncryptedKrbFastResponse,
     &ett_kerberos_KrbFastArmoredRep,
-    &ett_kerberos_KrbFastResponse,
-    &ett_kerberos_KrbFastFinished,
     &ett_kerberos_EncryptedChallenge,
 
 /*--- End of included file: packet-kerberos-ettarr.c ---*/
-#line 4392 "./asn1/kerberos/packet-kerberos-template.c"
+#line 4617 "./asn1/kerberos/packet-kerberos-template.c"
 	};
 
 	static ei_register_info ei[] = {
author	Dario Lombardo <lomato@gmail.com>	2020-05-27 16:54:10 +0200
committer	Anders Broman <a.broman58@gmail.com>	2020-05-27 19:12:03 +0000
commit	fc35d510898c8e33ea5b2c91d2320942111ec7f7 (patch)
tree	e28e36556faed1c51292f7a9fe1d978adbbf2cf3 /epan
parent	64d99d66629eb595f93994758b44b21410caae45 (diff)