-rw-r--r-- | epan/dissectors/asn1/kerberos/packet-kerberos-template.c | 87 | ||||
-rw-r--r-- | epan/dissectors/packet-kerberos.c | 99 |
2 files changed, 154 insertions, 32 deletions
diff --git a/epan/dissectors/asn1/kerberos/packet-kerberos-template.c b/epan/dissectors/asn1/kerberos/packet-kerberos-template.c index ae28a73a01..236bc0501f 100644 --- a/epan/dissectors/asn1/kerberos/packet-kerberos-template.c +++ b/epan/dissectors/asn1/kerberos/packet-kerberos-template.c @@ -162,7 +162,10 @@ static gint hf_krb_pac_clientid = -1; static gint hf_krb_pac_namelen = -1; static gint hf_krb_pac_clientname = -1; static gint hf_krb_pac_logon_info = -1; -static gint hf_krb_pac_credential_type = -1; +static gint hf_krb_pac_credential_data = -1; +static gint hf_krb_pac_credential_info = -1; +static gint hf_krb_pac_credential_info_version = -1; +static gint hf_krb_pac_credential_info_etype = -1; static gint hf_krb_pac_s4u_delegation_info = -1; static gint hf_krb_pac_upn_dns_info = -1; static gint hf_krb_pac_upn_flags = -1; @@ -197,6 +200,7 @@ static gint ett_krb_pac = -1; static gint ett_krb_pac_drep = -1; static gint ett_krb_pac_midl_blob = -1; static gint ett_krb_pac_logon_info = -1; +static gint ett_krb_pac_credential_info = -1; static gint ett_krb_pac_s4u_delegation_info = -1; static gint ett_krb_pac_upn_dns_info = -1; static gint ett_krb_pac_server_checksum = -1; 
@@ -2055,6 +2059,61 @@ dissect_krb5_PAC_LOGON_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, return offset; } + +static int +dissect_krb5_PAC_CREDENTIAL_DATA(proto_tree *parent_tree, tvbuff_t *tvb, int offset, packet_info *pinfo _U_) +{ + proto_tree_add_item(parent_tree, hf_krb_pac_credential_data, tvb, offset, -1, ENC_NA); + + return offset; +} + +static int +dissect_krb5_PAC_CREDENTIAL_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx) +{ + proto_item *item; + proto_tree *tree; + guint32 etype; + guint8 *plaintext = NULL; + int plainlen = 0; + int length; + tvbuff_t *next_tvb; +#define KRB5_KU_OTHER_ENCRYPTED 16 + int usage = KRB5_KU_OTHER_ENCRYPTED; + + item = proto_tree_add_item(parent_tree, hf_krb_pac_credential_info, tvb, offset, -1, ENC_NA); + tree = proto_item_add_subtree(item, ett_krb_pac_credential_info); + + /* version */ + proto_tree_add_item(tree, hf_krb_pac_credential_info_version, tvb, + offset, 4, ENC_LITTLE_ENDIAN); + offset+=4; + + /* etype */ + etype = tvb_get_letohl(tvb, offset); + proto_tree_add_item(tree, hf_krb_pac_credential_info_etype, tvb, + offset, 4, ENC_LITTLE_ENDIAN); + offset+=4; + + /* data */ + next_tvb=tvb_new_subset_remaining(tvb, offset); + length=tvb_captured_length_remaining(tvb, offset); + + plaintext=decrypt_krb5_data(tree, actx->pinfo, usage, next_tvb, (int)etype, &plainlen); + + if (plaintext != NULL) { + tvbuff_t *child_tvb; + child_tvb = tvb_new_child_real_data(tvb, plaintext, plainlen, plainlen); + + /* Add the decrypted data to the data source list. */ + add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5"); + + dissect_krb5_PAC_CREDENTIAL_DATA(tree, child_tvb, 0, actx->pinfo); + } + + return offset + length; +} + static int dissect_krb5_PAC_S4U_DELEGATION_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx) { 
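Review bot: In dissect_krb5_PAC_CREDENTIAL_INFO the call `plaintext=decrypt_krb5_data(tree, actx->pinfo, usage, next_tvb, (int)etype, &plainlen);` has no preprocessor guard in this hunk. If decrypt_krb5_data is only compiled when Kerberos crypto support is enabled (its definition is outside the hunk, so this needs confirming), builds without that support will not compile or link. Wrapping the call and the `if (plaintext != NULL) { ... }` block in `#ifdef HAVE_KERBEROS` / `#endif`, and moving the locals used only there (`plaintext`, `plainlen`, `next_tvb`, `usage`) inside the guard, would keep the version and etype fields dissected in both configurations. The hunk also does not show who owns `plaintext` once it is handed to `tvb_new_child_real_data`; if decrypt_krb5_data returns heap memory, the child tvb needs a free callback or the buffer leaks on every decrypted packet. The identical code in the generated packet-kerberos.c hunk (`@@ -2461,6 +2465,61 @@`) is affected the same way.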
@@ -2126,14 +2185,6 @@ dissect_krb5_PAC_UPN_DNS_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset } static int -dissect_krb5_PAC_CREDENTIAL_TYPE(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) -{ - proto_tree_add_item(parent_tree, hf_krb_pac_credential_type, tvb, offset, -1, ENC_NA); - - return offset; -} - -static int dissect_krb5_PAC_SERVER_CHECKSUM(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) { proto_item *item; @@ -2229,7 +2280,7 @@ dissect_krb5_AD_WIN2K_PAC_struct(proto_tree *tree, tvbuff_t *tvb, int offset, as dissect_krb5_PAC_LOGON_INFO(tr, next_tvb, 0, actx); break; case PAC_CREDENTIAL_TYPE: - dissect_krb5_PAC_CREDENTIAL_TYPE(tr, next_tvb, 0, actx); + dissect_krb5_PAC_CREDENTIAL_INFO(tr, next_tvb, 0, actx); break; case PAC_SERVER_CHECKSUM: dissect_krb5_PAC_SERVER_CHECKSUM(tr, next_tvb, 0, actx); 
@@ -2631,9 +2682,18 @@ void proto_register_kerberos(void) { { &hf_krb_pac_logon_info, { "PAC_LOGON_INFO", "kerberos.pac_logon_info", FT_BYTES, BASE_NONE, NULL, 0, "PAC_LOGON_INFO structure", HFILL }}, - { &hf_krb_pac_credential_type, { - "PAC_CREDENTIAL_TYPE", "kerberos.pac_credential_type", FT_BYTES, BASE_NONE, - NULL, 0, "PAC_CREDENTIAL_TYPE structure", HFILL }}, + { &hf_krb_pac_credential_data, { + "PAC_CREDENTIAL_DATA", "kerberos.pac_credential_data", FT_BYTES, BASE_NONE, + NULL, 0, "PAC_CREDENTIAL_DATA structure", HFILL }}, + { &hf_krb_pac_credential_info, { + "PAC_CREDENTIAL_INFO", "kerberos.pac_credential_info", FT_BYTES, BASE_NONE, + NULL, 0, "PAC_CREDENTIAL_INFO structure", HFILL }}, + { &hf_krb_pac_credential_info_version, { + "Version", "kerberos.pac_credential_info.version", FT_UINT32, BASE_DEC, + NULL, 0, NULL, HFILL }}, + { &hf_krb_pac_credential_info_etype, { + "Etype", "kerberos.pac_credential_info.etype", FT_UINT32, BASE_DEC, + NULL, 0, NULL, HFILL }}, { &hf_krb_pac_server_checksum, { "PAC_SERVER_CHECKSUM", "kerberos.pac_server_checksum", FT_BYTES, BASE_NONE, NULL, 0, "PAC_SERVER_CHECKSUM structure", HFILL }}, @@ -2721,6 +2781,7 @@ void proto_register_kerberos(void) { &ett_krb_pac_drep, &ett_krb_pac_midl_blob, &ett_krb_pac_logon_info, + &ett_krb_pac_credential_info, &ett_krb_pac_s4u_delegation_info, &ett_krb_pac_upn_dns_info, &ett_krb_pac_server_checksum, diff --git a/epan/dissectors/packet-kerberos.c b/epan/dissectors/packet-kerberos.c index be2f9cd39a..32715008a0 100644 --- a/epan/dissectors/packet-kerberos.c +++ b/epan/dissectors/packet-kerberos.c 
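Review bot: `hf_krb_pac_credential_info_etype` is registered as a bare `FT_UINT32, BASE_DEC` with a NULL strings pointer, so the encryption type of the credential blob is shown only as a number. If the dissector already has a value_string table for Kerberos encryption types (not visible in this hunk), passing it through `VALS(...)` would show the etype by name. The same hunk removes the filter name `kerberos.pac_credential_type` and adds no field under that name, so saved display filters that reference it will stop matching; that is worth a line in the commit description or release notes. proto_register_kerberos starts and ends outside the hunk.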
@@ -170,7 +170,10 @@ static gint hf_krb_pac_clientid = -1; static gint hf_krb_pac_namelen = -1; static gint hf_krb_pac_clientname = -1; static gint hf_krb_pac_logon_info = -1; -static gint hf_krb_pac_credential_type = -1; +static gint hf_krb_pac_credential_data = -1; +static gint hf_krb_pac_credential_info = -1; +static gint hf_krb_pac_credential_info_version = -1; +static gint hf_krb_pac_credential_info_etype = -1; static gint hf_krb_pac_s4u_delegation_info = -1; static gint hf_krb_pac_upn_dns_info = -1; static gint hf_krb_pac_upn_flags = -1; @@ -410,7 +413,7 @@ static int hf_kerberos_PAC_OPTIONS_FLAGS_forward_to_full_dc = -1; static int hf_kerberos_PAC_OPTIONS_FLAGS_resource_based_constrained_delegation = -1; /*--- End of included file: packet-kerberos-hf.c ---*/ -#line 192 "./asn1/kerberos/packet-kerberos-template.c" +#line 195 "./asn1/kerberos/packet-kerberos-template.c" /* Initialize the subtree pointers */ static gint ett_kerberos = -1; @@ -419,6 +422,7 @@ static gint ett_krb_pac = -1; static gint ett_krb_pac_drep = -1; static gint ett_krb_pac_midl_blob = -1; static gint ett_krb_pac_logon_info = -1; +static gint ett_krb_pac_credential_info = -1; static gint ett_krb_pac_s4u_delegation_info = -1; static gint ett_krb_pac_upn_dns_info = -1; static gint ett_krb_pac_server_checksum = -1; @@ -502,7 +506,7 @@ static gint ett_kerberos_PA_FX_FAST_REPLY = -1; static gint ett_kerberos_KrbFastArmoredRep = -1; /*--- End of included file: packet-kerberos-ett.c ---*/ -#line 208 "./asn1/kerberos/packet-kerberos-template.c" +#line 212 "./asn1/kerberos/packet-kerberos-template.c" static expert_field ei_kerberos_decrypted_keytype = EI_INIT; static expert_field ei_kerberos_address = EI_INIT; 
@@ -622,7 +626,7 @@ typedef enum _KERBEROS_PADATA_TYPE_enum { } KERBEROS_PADATA_TYPE_enum; /*--- End of included file: packet-kerberos-val.h ---*/ -#line 220 "./asn1/kerberos/packet-kerberos-template.c" +#line 224 "./asn1/kerberos/packet-kerberos-template.c" static void call_kerberos_callbacks(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int tag, kerberos_callbacks *cb) 
@@ -2461,6 +2465,61 @@ dissect_krb5_PAC_LOGON_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, return offset; } + +static int +dissect_krb5_PAC_CREDENTIAL_DATA(proto_tree *parent_tree, tvbuff_t *tvb, int offset, packet_info *pinfo _U_) +{ + proto_tree_add_item(parent_tree, hf_krb_pac_credential_data, tvb, offset, -1, ENC_NA); + + return offset; +} + +static int +dissect_krb5_PAC_CREDENTIAL_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx) +{ + proto_item *item; + proto_tree *tree; + guint32 etype; + guint8 *plaintext = NULL; + int plainlen = 0; + int length; + tvbuff_t *next_tvb; +#define KRB5_KU_OTHER_ENCRYPTED 16 + int usage = KRB5_KU_OTHER_ENCRYPTED; + + item = proto_tree_add_item(parent_tree, hf_krb_pac_credential_info, tvb, offset, -1, ENC_NA); + tree = proto_item_add_subtree(item, ett_krb_pac_credential_info); + + /* version */ + proto_tree_add_item(tree, hf_krb_pac_credential_info_version, tvb, + offset, 4, ENC_LITTLE_ENDIAN); + offset+=4; + + /* etype */ + etype = tvb_get_letohl(tvb, offset); + proto_tree_add_item(tree, hf_krb_pac_credential_info_etype, tvb, + offset, 4, ENC_LITTLE_ENDIAN); + offset+=4; + + /* data */ + next_tvb=tvb_new_subset_remaining(tvb, offset); + length=tvb_captured_length_remaining(tvb, offset); + + plaintext=decrypt_krb5_data(tree, actx->pinfo, usage, next_tvb, (int)etype, &plainlen); + + if (plaintext != NULL) { + tvbuff_t *child_tvb; + child_tvb = tvb_new_child_real_data(tvb, plaintext, plainlen, plainlen); + + /* Add the decrypted data to the data source list. */ + add_new_data_source(actx->pinfo, child_tvb, "Decrypted Krb5"); + + dissect_krb5_PAC_CREDENTIAL_DATA(tree, child_tvb, 0, actx->pinfo); + } + + return offset + length; +} + static int dissect_krb5_PAC_S4U_DELEGATION_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx) { 
@@ -2532,14 +2591,6 @@ dissect_krb5_PAC_UPN_DNS_INFO(proto_tree *parent_tree, tvbuff_t *tvb, int offset } static int -dissect_krb5_PAC_CREDENTIAL_TYPE(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) -{ - proto_tree_add_item(parent_tree, hf_krb_pac_credential_type, tvb, offset, -1, ENC_NA); - - return offset; -} - -static int dissect_krb5_PAC_SERVER_CHECKSUM(proto_tree *parent_tree, tvbuff_t *tvb, int offset, asn1_ctx_t *actx _U_) { proto_item *item; @@ -2635,7 +2686,7 @@ dissect_krb5_AD_WIN2K_PAC_struct(proto_tree *tree, tvbuff_t *tvb, int offset, as dissect_krb5_PAC_LOGON_INFO(tr, next_tvb, 0, actx); break; case PAC_CREDENTIAL_TYPE: - dissect_krb5_PAC_CREDENTIAL_TYPE(tr, next_tvb, 0, actx); + dissect_krb5_PAC_CREDENTIAL_INFO(tr, next_tvb, 0, actx); break; case PAC_SERVER_CHECKSUM: dissect_krb5_PAC_SERVER_CHECKSUM(tr, next_tvb, 0, actx); @@ -5202,7 +5253,7 @@ dissect_kerberos_EncryptedChallenge(gboolean implicit_tag _U_, tvbuff_t *tvb _U_ /*--- End of included file: packet-kerberos-fn.c ---*/ -#line 2285 "./asn1/kerberos/packet-kerberos-template.c" +#line 2336 "./asn1/kerberos/packet-kerberos-template.c" /* Make wrappers around exported functions for now */ int 
@@ -5552,9 +5603,18 @@ void proto_register_kerberos(void) { { &hf_krb_pac_logon_info, { "PAC_LOGON_INFO", "kerberos.pac_logon_info", FT_BYTES, BASE_NONE, NULL, 0, "PAC_LOGON_INFO structure", HFILL }}, - { &hf_krb_pac_credential_type, { - "PAC_CREDENTIAL_TYPE", "kerberos.pac_credential_type", FT_BYTES, BASE_NONE, - NULL, 0, "PAC_CREDENTIAL_TYPE structure", HFILL }}, + { &hf_krb_pac_credential_data, { + "PAC_CREDENTIAL_DATA", "kerberos.pac_credential_data", FT_BYTES, BASE_NONE, + NULL, 0, "PAC_CREDENTIAL_DATA structure", HFILL }}, + { &hf_krb_pac_credential_info, { + "PAC_CREDENTIAL_INFO", "kerberos.pac_credential_info", FT_BYTES, BASE_NONE, + NULL, 0, "PAC_CREDENTIAL_INFO structure", HFILL }}, + { &hf_krb_pac_credential_info_version, { + "Version", "kerberos.pac_credential_info.version", FT_UINT32, BASE_DEC, + NULL, 0, NULL, HFILL }}, + { &hf_krb_pac_credential_info_etype, { + "Etype", "kerberos.pac_credential_info.etype", FT_UINT32, BASE_DEC, + NULL, 0, NULL, HFILL }}, { &hf_krb_pac_server_checksum, { "PAC_SERVER_CHECKSUM", "kerberos.pac_server_checksum", FT_BYTES, BASE_NONE, NULL, 0, "PAC_SERVER_CHECKSUM structure", HFILL }}, @@ -6468,7 +6528,7 @@ void proto_register_kerberos(void) { NULL, HFILL }}, /*--- End of included file: packet-kerberos-hfarr.c ---*/ -#line 2714 "./asn1/kerberos/packet-kerberos-template.c" +#line 2774 "./asn1/kerberos/packet-kerberos-template.c" }; /* List of subtrees */ @@ -6479,6 +6539,7 @@ void proto_register_kerberos(void) { &ett_krb_pac_drep, &ett_krb_pac_midl_blob, &ett_krb_pac_logon_info, + &ett_krb_pac_credential_info, &ett_krb_pac_s4u_delegation_info, &ett_krb_pac_upn_dns_info, &ett_krb_pac_server_checksum, @@ -6562,7 +6623,7 @@ void proto_register_kerberos(void) { &ett_kerberos_KrbFastArmoredRep, /*--- End of included file: packet-kerberos-ettarr.c ---*/ -#line 2732 "./asn1/kerberos/packet-kerberos-template.c" +#line 2793 "./asn1/kerberos/packet-kerberos-template.c" }; static ei_register_info ei[] = { |