aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--epan/dissectors/asn1/kerberos/packet-kerberos-template.c87
-rw-r--r--epan/dissectors/packet-kerberos.c99
2 files changed, 154 insertions, 32 deletions
diff --git a/epan/dissectors/asn1/kerberos/packet-kerberos-template.c b/epan/dissectors/asn1/kerberos/packet-kerberos-template.c
index ae28a73a01..236bc0501f 100644
--- a/epan/dissectors/asn1/kerberos/packet-kerberos-template.c
+++ b/epan/dissectors/asn1/kerberos/packet-kerberos-template.c
@@ -162,7 +162,10 @@ static gint hf_krb_pac_clientid = -1;
static gint hf_krb_pac_namelen = -1;
static gint hf_krb_pac_clientname = -1;
static gint hf_krb_pac_logon_info = -1;
-static gint hf_krb_pac_credential_type = -1;
+static gint hf_krb_pac_credential_data = -1;
+static gint hf_krb_pac_credential_info = -1;
+static gint hf_krb_pac_credential_info_version = -1;
+static gint hf_krb_pac_credential_info_etype = -1;
static gint hf_krb_pac_s4u_delegation_info = -1;
static gint hf_krb_pac_upn_dns_info = -1;
static gint hf_krb_pac_upn_flags = -1;
@@ -197,6 +200,7 @@ static gint ett_krb_pac = -1;
static gint ett_krb_pac_drep = -1;
static gint ett_krb_pac_midl_blob = -1;
static gint ett_krb_pac_logon_info = -1;
+static gint ett_krb_pac_credential_info = -1;
static gint ett_krb_pac_s4u_delegation_info = -1;
static gint ett_krb_pac_upn_dns_info = -1;
static gint ett_krb_pac_server_checksum = -1;
@@ -2055,6 +2059,61 @@ dissect_krb5_PAC_LOGON_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset,
return offset;
}
+
+static int
+dissect_krb5_PAC_CREDENTIAL_DATA(proto_tree *parent_tree, tvbuff_t *tvb, int offset, packet_info *pinfo _U_)
+{
+ proto_tree_add_item(parent_tree, hf_krb_pac_credential_data, tvb, offset, -1, ENC_NA);
+
+ return offset;
+}
+
+static int
+dissect_krb5_PAC_CREDENTIAL_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx)
+{
+ proto_item *item;
+ proto_tree *tree;
+ guint32 etype;
+ guint8 *plaintext = NULL;
+ int plainlen = 0;
+ int length;
+ tvbuff_t *next_tvb;
+#define KRB5_KU_OTHER_ENCRYPTED 16
+ int usage = KRB5_KU_OTHER_ENCRYPTED;
+
+ item = proto_tree_add_item(parent_tree, hf_krb_pac_credential_info, tvb, offset, -1, ENC_NA);
+ tree = proto_item_add_subtree(item, ett_krb_pac_credential_info);
+
+ /* version */
+ proto_tree_add_item(tree, hf_krb_pac_credential_info_version, tvb,
+ offset, 4, ENC_LITTLE_ENDIAN);
+ offset+=4;
+
+ /* etype */
+ etype = tvb_get_letohl(tvb, offset);
+ proto_tree_add_item(tree, hf_krb_pac_credential_info_etype, tvb,
+ offset, 4, ENC_LITTLE_ENDIAN);
+ offset+=4;
+
+ /* data */
+ next_tvb=tvb_new_subset_remaining(tvb, offset);
+ length=tvb_captured_length_remaining(tvb, offset);
+
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, usage, next_tvb, (int)etype, &plainlen);
+
+ if (plaintext != NULL) {
+ tvbuff_t *child_tvb;
+ child_tvb = tvb_new_child_real_data(tvb, plaintext, plainlen, plainlen);
+
+ /* Add the decrypted data to the data source list. */
+ add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
+
+ dissect_krb5_PAC_CREDENTIAL_DATA(tree, child_tvb, 0, actx->pinfo);
+ }
+
+ return offset + length;
+}
+
static int
dissect_krb5_PAC_S4U_DELEGATION_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx)
{
@@ -2126,14 +2185,6 @@ dissect_krb5_PAC_UPN_DNS_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset
}
static int
-dissect_krb5_PAC_CREDENTIAL_TYPE(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
-{
- proto_tree_add_item(parent_tree, hf_krb_pac_credential_type, tvb, offset, -1, ENC_NA);
-
- return offset;
-}
-
-static int
dissect_krb5_PAC_SERVER_CHECKSUM(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
{
proto_item *item;
@@ -2229,7 +2280,7 @@ dissect_krb5_AD_WIN2K_PAC_struct(proto_tree *tree, tvbuff_t *tvb, int offset, as
dissect_krb5_PAC_LOGON_INFO(tr, next_tvb, 0, actx);
break;
case PAC_CREDENTIAL_TYPE:
- dissect_krb5_PAC_CREDENTIAL_TYPE(tr, next_tvb, 0, actx);
+ dissect_krb5_PAC_CREDENTIAL_INFO(tr, next_tvb, 0, actx);
break;
case PAC_SERVER_CHECKSUM:
dissect_krb5_PAC_SERVER_CHECKSUM(tr, next_tvb, 0, actx);
@@ -2631,9 +2682,18 @@ void proto_register_kerberos(void) {
{ &hf_krb_pac_logon_info, {
"PAC_LOGON_INFO", "kerberos.pac_logon_info", FT_BYTES, BASE_NONE,
NULL, 0, "PAC_LOGON_INFO structure", HFILL }},
- { &hf_krb_pac_credential_type, {
- "PAC_CREDENTIAL_TYPE", "kerberos.pac_credential_type", FT_BYTES, BASE_NONE,
- NULL, 0, "PAC_CREDENTIAL_TYPE structure", HFILL }},
+ { &hf_krb_pac_credential_data, {
+ "PAC_CREDENTIAL_DATA", "kerberos.pac_credential_data", FT_BYTES, BASE_NONE,
+ NULL, 0, "PAC_CREDENTIAL_DATA structure", HFILL }},
+ { &hf_krb_pac_credential_info, {
+ "PAC_CREDENTIAL_INFO", "kerberos.pac_credential_info", FT_BYTES, BASE_NONE,
+ NULL, 0, "PAC_CREDENTIAL_INFO structure", HFILL }},
+ { &hf_krb_pac_credential_info_version, {
+ "Version", "kerberos.pac_credential_info.version", FT_UINT32, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
+ { &hf_krb_pac_credential_info_etype, {
+ "Etype", "kerberos.pac_credential_info.etype", FT_UINT32, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
{ &hf_krb_pac_server_checksum, {
"PAC_SERVER_CHECKSUM", "kerberos.pac_server_checksum", FT_BYTES, BASE_NONE,
NULL, 0, "PAC_SERVER_CHECKSUM structure", HFILL }},
@@ -2721,6 +2781,7 @@ void proto_register_kerberos(void) {
&ett_krb_pac_drep,
&ett_krb_pac_midl_blob,
&ett_krb_pac_logon_info,
+ &ett_krb_pac_credential_info,
&ett_krb_pac_s4u_delegation_info,
&ett_krb_pac_upn_dns_info,
&ett_krb_pac_server_checksum,
diff --git a/epan/dissectors/packet-kerberos.c b/epan/dissectors/packet-kerberos.c
index be2f9cd39a..32715008a0 100644
--- a/epan/dissectors/packet-kerberos.c
+++ b/epan/dissectors/packet-kerberos.c
@@ -170,7 +170,10 @@ static gint hf_krb_pac_clientid = -1;
static gint hf_krb_pac_namelen = -1;
static gint hf_krb_pac_clientname = -1;
static gint hf_krb_pac_logon_info = -1;
-static gint hf_krb_pac_credential_type = -1;
+static gint hf_krb_pac_credential_data = -1;
+static gint hf_krb_pac_credential_info = -1;
+static gint hf_krb_pac_credential_info_version = -1;
+static gint hf_krb_pac_credential_info_etype = -1;
static gint hf_krb_pac_s4u_delegation_info = -1;
static gint hf_krb_pac_upn_dns_info = -1;
static gint hf_krb_pac_upn_flags = -1;
@@ -410,7 +413,7 @@ static int hf_kerberos_PAC_OPTIONS_FLAGS_forward_to_full_dc = -1;
static int hf_kerberos_PAC_OPTIONS_FLAGS_resource_based_constrained_delegation = -1;
/*--- End of included file: packet-kerberos-hf.c ---*/
-#line 192 "./asn1/kerberos/packet-kerberos-template.c"
+#line 195 "./asn1/kerberos/packet-kerberos-template.c"
/* Initialize the subtree pointers */
static gint ett_kerberos = -1;
@@ -419,6 +422,7 @@ static gint ett_krb_pac = -1;
static gint ett_krb_pac_drep = -1;
static gint ett_krb_pac_midl_blob = -1;
static gint ett_krb_pac_logon_info = -1;
+static gint ett_krb_pac_credential_info = -1;
static gint ett_krb_pac_s4u_delegation_info = -1;
static gint ett_krb_pac_upn_dns_info = -1;
static gint ett_krb_pac_server_checksum = -1;
@@ -502,7 +506,7 @@ static gint ett_kerberos_PA_FX_FAST_REPLY = -1;
static gint ett_kerberos_KrbFastArmoredRep = -1;
/*--- End of included file: packet-kerberos-ett.c ---*/
-#line 208 "./asn1/kerberos/packet-kerberos-template.c"
+#line 212 "./asn1/kerberos/packet-kerberos-template.c"
static expert_field ei_kerberos_decrypted_keytype = EI_INIT;
static expert_field ei_kerberos_address = EI_INIT;
@@ -622,7 +626,7 @@ typedef enum _KERBEROS_PADATA_TYPE_enum {
} KERBEROS_PADATA_TYPE_enum;
/*--- End of included file: packet-kerberos-val.h ---*/
-#line 220 "./asn1/kerberos/packet-kerberos-template.c"
+#line 224 "./asn1/kerberos/packet-kerberos-template.c"
static void
call_kerberos_callbacks(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int tag, kerberos_callbacks *cb)
@@ -2461,6 +2465,61 @@ dissect_krb5_PAC_LOGON_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset,
return offset;
}
+
+static int
+dissect_krb5_PAC_CREDENTIAL_DATA(proto_tree *parent_tree, tvbuff_t *tvb, int offset, packet_info *pinfo _U_)
+{
+ proto_tree_add_item(parent_tree, hf_krb_pac_credential_data, tvb, offset, -1, ENC_NA);
+
+ return offset;
+}
+
+static int
+dissect_krb5_PAC_CREDENTIAL_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx)
+{
+ proto_item *item;
+ proto_tree *tree;
+ guint32 etype;
+ guint8 *plaintext = NULL;
+ int plainlen = 0;
+ int length;
+ tvbuff_t *next_tvb;
+#define KRB5_KU_OTHER_ENCRYPTED 16
+ int usage = KRB5_KU_OTHER_ENCRYPTED;
+
+ item = proto_tree_add_item(parent_tree, hf_krb_pac_credential_info, tvb, offset, -1, ENC_NA);
+ tree = proto_item_add_subtree(item, ett_krb_pac_credential_info);
+
+ /* version */
+ proto_tree_add_item(tree, hf_krb_pac_credential_info_version, tvb,
+ offset, 4, ENC_LITTLE_ENDIAN);
+ offset+=4;
+
+ /* etype */
+ etype = tvb_get_letohl(tvb, offset);
+ proto_tree_add_item(tree, hf_krb_pac_credential_info_etype, tvb,
+ offset, 4, ENC_LITTLE_ENDIAN);
+ offset+=4;
+
+ /* data */
+ next_tvb=tvb_new_subset_remaining(tvb, offset);
+ length=tvb_captured_length_remaining(tvb, offset);
+
+ plaintext=decrypt_krb5_data(tree, actx->pinfo, usage, next_tvb, (int)etype, &plainlen);
+
+ if (plaintext != NULL) {
+ tvbuff_t *child_tvb;
+ child_tvb = tvb_new_child_real_data(tvb, plaintext, plainlen, plainlen);
+
+ /* Add the decrypted data to the data source list. */
+ add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5");
+
+ dissect_krb5_PAC_CREDENTIAL_DATA(tree, child_tvb, 0, actx->pinfo);
+ }
+
+ return offset + length;
+}
+
static int
dissect_krb5_PAC_S4U_DELEGATION_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx)
{
@@ -2532,14 +2591,6 @@ dissect_krb5_PAC_UPN_DNS_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset
}
static int
-dissect_krb5_PAC_CREDENTIAL_TYPE(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
-{
- proto_tree_add_item(parent_tree, hf_krb_pac_credential_type, tvb, offset, -1, ENC_NA);
-
- return offset;
-}
-
-static int
dissect_krb5_PAC_SERVER_CHECKSUM(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_)
{
proto_item *item;
@@ -2635,7 +2686,7 @@ dissect_krb5_AD_WIN2K_PAC_struct(proto_tree *tree, tvbuff_t *tvb, int offset, as
dissect_krb5_PAC_LOGON_INFO(tr, next_tvb, 0, actx);
break;
case PAC_CREDENTIAL_TYPE:
- dissect_krb5_PAC_CREDENTIAL_TYPE(tr, next_tvb, 0, actx);
+ dissect_krb5_PAC_CREDENTIAL_INFO(tr, next_tvb, 0, actx);
break;
case PAC_SERVER_CHECKSUM:
dissect_krb5_PAC_SERVER_CHECKSUM(tr, next_tvb, 0, actx);
@@ -5202,7 +5253,7 @@ dissect_kerberos_EncryptedChallenge(gboolean implicit_tag _U_, tvbuff_t *tvb _U_
/*--- End of included file: packet-kerberos-fn.c ---*/
-#line 2285 "./asn1/kerberos/packet-kerberos-template.c"
+#line 2336 "./asn1/kerberos/packet-kerberos-template.c"
/* Make wrappers around exported functions for now */
int
@@ -5552,9 +5603,18 @@ void proto_register_kerberos(void) {
{ &hf_krb_pac_logon_info, {
"PAC_LOGON_INFO", "kerberos.pac_logon_info", FT_BYTES, BASE_NONE,
NULL, 0, "PAC_LOGON_INFO structure", HFILL }},
- { &hf_krb_pac_credential_type, {
- "PAC_CREDENTIAL_TYPE", "kerberos.pac_credential_type", FT_BYTES, BASE_NONE,
- NULL, 0, "PAC_CREDENTIAL_TYPE structure", HFILL }},
+ { &hf_krb_pac_credential_data, {
+ "PAC_CREDENTIAL_DATA", "kerberos.pac_credential_data", FT_BYTES, BASE_NONE,
+ NULL, 0, "PAC_CREDENTIAL_DATA structure", HFILL }},
+ { &hf_krb_pac_credential_info, {
+ "PAC_CREDENTIAL_INFO", "kerberos.pac_credential_info", FT_BYTES, BASE_NONE,
+ NULL, 0, "PAC_CREDENTIAL_INFO structure", HFILL }},
+ { &hf_krb_pac_credential_info_version, {
+ "Version", "kerberos.pac_credential_info.version", FT_UINT32, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
+ { &hf_krb_pac_credential_info_etype, {
+ "Etype", "kerberos.pac_credential_info.etype", FT_UINT32, BASE_DEC,
+ NULL, 0, NULL, HFILL }},
{ &hf_krb_pac_server_checksum, {
"PAC_SERVER_CHECKSUM", "kerberos.pac_server_checksum", FT_BYTES, BASE_NONE,
NULL, 0, "PAC_SERVER_CHECKSUM structure", HFILL }},
@@ -6468,7 +6528,7 @@ void proto_register_kerberos(void) {
NULL, HFILL }},
/*--- End of included file: packet-kerberos-hfarr.c ---*/
-#line 2714 "./asn1/kerberos/packet-kerberos-template.c"
+#line 2774 "./asn1/kerberos/packet-kerberos-template.c"
};
/* List of subtrees */
@@ -6479,6 +6539,7 @@ void proto_register_kerberos(void) {
&ett_krb_pac_drep,
&ett_krb_pac_midl_blob,
&ett_krb_pac_logon_info,
+ &ett_krb_pac_credential_info,
&ett_krb_pac_s4u_delegation_info,
&ett_krb_pac_upn_dns_info,
&ett_krb_pac_server_checksum,
@@ -6562,7 +6623,7 @@ void proto_register_kerberos(void) {
&ett_kerberos_KrbFastArmoredRep,
/*--- End of included file: packet-kerberos-ettarr.c ---*/
-#line 2732 "./asn1/kerberos/packet-kerberos-template.c"
+#line 2793 "./asn1/kerberos/packet-kerberos-template.c"
};
static ei_register_info ei[] = {
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-24 04:18:25 +0000