From ed81b83768306b6517dd7d3bcc680f9f04251543 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 27 Feb 2015 14:02:56 +0100 Subject: packet-kerberos: re-add dissection of ntstatus (KERB_EXT_ERROR) in PA-PW-SALT We autodetect the length a 12 bytes and the 0 (4 bytes) and 1 (4 bytes) values after the 4 bytes NTSTATUS field. See [MS-KILE] 2.2.1 KERB-EXT-ERROR. Change-Id: I19345cb3f9c863e54a8f16002987912487f7d76a Signed-off-by: Stefan Metzmacher Reviewed-on: https://code.wireshark.org/review/35694 Petri-Dish: Anders Broman Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman --- epan/dissectors/asn1/kerberos/kerberos.cnf | 12 +- .../asn1/kerberos/packet-kerberos-template.c | 75 +++++++++- epan/dissectors/packet-kerberos.c | 163 ++++++++++++++------- 3 files changed, 188 insertions(+), 62 deletions(-) diff --git a/epan/dissectors/asn1/kerberos/kerberos.cnf b/epan/dissectors/asn1/kerberos/kerberos.cnf index 6050d69047..9be7e429f3 100644 --- a/epan/dissectors/asn1/kerberos/kerberos.cnf +++ b/epan/dissectors/asn1/kerberos/kerberos.cnf @@ -87,21 +87,24 @@ guint32 msgtype; proto_item_append_text(tree, " %s", val_to_str(msgtype, krb5_msg_types, "Unknown:0x%x")); ##endif -#.FN_BODY ERROR-CODE VAL_PTR = &krb5_errorcode +#.FN_BODY ERROR-CODE VAL_PTR = &private_data->errorcode + kerberos_private_data_t *private_data = kerberos_get_private_data(actx); %(DEFAULT_BODY)s #.FN_FTR ERROR-CODE - if(krb5_errorcode) { + if (private_data->errorcode) { col_add_fstr(actx->pinfo->cinfo, COL_INFO, "KRB Error: %s", - val_to_str(krb5_errorcode, krb5_error_codes, + val_to_str(private_data->errorcode, krb5_error_codes, "Unknown error code %#x")); } return offset; #.END #.FN_BODY KRB-ERROR/_untag/e-data - switch(krb5_errorcode){ + kerberos_private_data_t *private_data = kerberos_get_private_data(actx); + + switch (private_data->errorcode) { case KRB5_ET_KRB5KDC_ERR_BADOPTION: case KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED: case KRB5_ET_KRB5KDC_ERR_KEY_EXP: @@ -109,6 +112,7 @@ guint32 msgtype; /* ms windows kdc sends e-data of this type containing a "salt" * that contains the nt_status code for these error codes. */ + private_data->try_nt_status = TRUE; offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_kerberos_e_data, dissect_kerberos_PA_DATA); break; case KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED: diff --git a/epan/dissectors/asn1/kerberos/packet-kerberos-template.c b/epan/dissectors/asn1/kerberos/packet-kerberos-template.c index 12c4415ab0..4fb758f057 100644 --- a/epan/dissectors/asn1/kerberos/packet-kerberos-template.c +++ b/epan/dissectors/asn1/kerberos/packet-kerberos-template.c @@ -86,6 +86,8 @@ typedef struct kerberos_key { typedef struct { guint32 msg_type; + guint32 errorcode; + gboolean try_nt_status; guint32 etype; guint32 padata_type; guint32 is_enc_padata; @@ -122,6 +124,9 @@ static gint hf_krb_rm_reserved = -1; static gint hf_krb_rm_reclen = -1; static gint hf_krb_provsrv_location = -1; static gint hf_krb_pw_salt = -1; +static gint hf_krb_ext_error_nt_status = -1; +static gint hf_krb_ext_error_reserved = -1; +static gint hf_krb_ext_error_flags = -1; static gint hf_krb_address_ip = -1; static gint hf_krb_address_netbios = -1; static gint hf_krb_address_ipv6 = -1; @@ -187,7 +192,6 @@ static expert_field ei_krb_gssapi_dlglen = EI_INIT; static dissector_handle_t krb4_handle=NULL; /* Global variables */ -static guint32 krb5_errorcode; static guint32 gbl_keytype; static gboolean gbl_do_col_info; @@ -1533,16 +1537,62 @@ dissect_krb5_PA_PROV_SRV_LOCATION(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, static int dissect_krb5_PW_SALT(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { - guint length; - - /* Microsoft stores a special 12 byte blob here + kerberos_private_data_t *private_data = kerberos_get_private_data(actx); + gint length; + guint32 nt_status = 0; + guint32 reserved = 0; + guint32 flags = 0; + + /* + * Microsoft stores a special 12 byte blob here + * [MS-KILE] 2.2.1 KERB-EXT-ERROR * guint32 NT_status - * guint32 unknown - * guint32 unknown - * However RFC 4120 section 5.2.7.3 leaves it undefined. - * Therefore we only print the hex value. + * guint32 reserved (== 0) + * guint32 flags (at least 0x00000001 is set) */ length = tvb_reported_length_remaining(tvb, offset); + if (length <= 0) { + return offset; + } + if (length != 12) { + goto no_error; + } + + if (private_data->errorcode == 0) { + goto no_error; + } + + if (!private_data->try_nt_status) { + goto no_error; + } + + nt_status = tvb_get_letohl(tvb, offset); + reserved = tvb_get_letohl(tvb, offset + 4); + flags = tvb_get_letohl(tvb, offset + 8); + + if (nt_status == 0 || reserved != 0 || flags == 0) { + goto no_error; + } + + proto_tree_add_item(tree, hf_krb_ext_error_nt_status, tvb, offset, 4, + ENC_LITTLE_ENDIAN); + col_append_fstr(actx->pinfo->cinfo, COL_INFO, + " NT Status: %s", + val_to_str(nt_status, NT_errors, + "Unknown error code %#x")); + offset += 4; + + proto_tree_add_item(tree, hf_krb_ext_error_reserved, tvb, offset, 4, + ENC_LITTLE_ENDIAN); + offset += 4; + + proto_tree_add_item(tree, hf_krb_ext_error_flags, tvb, offset, 4, + ENC_LITTLE_ENDIAN); + offset += 4; + + return offset; + + no_error: proto_tree_add_item(tree, hf_krb_pw_salt, tvb, offset, length, ENC_NA); offset += length; @@ -2106,6 +2156,15 @@ void proto_register_kerberos(void) { { &hf_krb_pw_salt, { "pw-salt", "kerberos.pw_salt", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_krb_ext_error_nt_status, /* we keep kerberos.smb.nt_status for compat reasons */ + { "NT Status", "kerberos.smb.nt_status", FT_UINT32, BASE_HEX, + VALS(NT_errors), 0, "NT Status code", HFILL }}, + { &hf_krb_ext_error_reserved, + { "Reserved", "kerberos.ext_error.reserved", FT_UINT32, BASE_HEX, + NULL, 0, NULL, HFILL }}, + { &hf_krb_ext_error_flags, + { "Flags", "kerberos.ext_error.flags", FT_UINT32, BASE_HEX, + NULL, 0, NULL, HFILL }}, { &hf_krb_address_ip, { "IP Address", "kerberos.addr_ip", FT_IPv4, BASE_NONE, NULL, 0, NULL, HFILL }}, diff --git a/epan/dissectors/packet-kerberos.c b/epan/dissectors/packet-kerberos.c index 66ef628c28..aba4b0b8c0 100644 --- a/epan/dissectors/packet-kerberos.c +++ b/epan/dissectors/packet-kerberos.c @@ -94,6 +94,8 @@ typedef struct kerberos_key { typedef struct { guint32 msg_type; + guint32 errorcode; + gboolean try_nt_status; guint32 etype; guint32 padata_type; guint32 is_enc_padata; @@ -130,6 +132,9 @@ static gint hf_krb_rm_reserved = -1; static gint hf_krb_rm_reclen = -1; static gint hf_krb_provsrv_location = -1; static gint hf_krb_pw_salt = -1; +static gint hf_krb_ext_error_nt_status = -1; +static gint hf_krb_ext_error_reserved = -1; +static gint hf_krb_ext_error_flags = -1; static gint hf_krb_address_ip = -1; static gint hf_krb_address_netbios = -1; static gint hf_krb_address_ipv6 = -1; @@ -382,7 +387,7 @@ static int hf_kerberos_PAC_OPTIONS_FLAGS_forward_to_full_dc = -1; static int hf_kerberos_PAC_OPTIONS_FLAGS_resource_based_constrained_delegation = -1; /*--- End of included file: packet-kerberos-hf.c ---*/ -#line 168 "./asn1/kerberos/packet-kerberos-template.c" +#line 173 "./asn1/kerberos/packet-kerberos-template.c" /* Initialize the subtree pointers */ static gint ett_kerberos = -1; @@ -470,7 +475,7 @@ static gint ett_kerberos_PA_FX_FAST_REPLY = -1; static gint ett_kerberos_KrbFastArmoredRep = -1; /*--- End of included file: packet-kerberos-ett.c ---*/ -#line 182 "./asn1/kerberos/packet-kerberos-template.c" +#line 187 "./asn1/kerberos/packet-kerberos-template.c" static expert_field ei_kerberos_decrypted_keytype = EI_INIT; static expert_field ei_kerberos_address = EI_INIT; @@ -479,7 +484,6 @@ static expert_field ei_krb_gssapi_dlglen = EI_INIT; static dissector_handle_t krb4_handle=NULL; /* Global variables */ -static guint32 krb5_errorcode; static guint32 gbl_keytype; static gboolean gbl_do_col_info; @@ -499,7 +503,7 @@ static gboolean gbl_do_col_info; #define KERBEROS_ADDR_TYPE_IPV6 24 /*--- End of included file: packet-kerberos-val.h ---*/ -#line 195 "./asn1/kerberos/packet-kerberos-template.c" +#line 199 "./asn1/kerberos/packet-kerberos-template.c" static void call_kerberos_callbacks(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int tag, kerberos_callbacks *cb) @@ -1841,16 +1845,62 @@ dissect_krb5_PA_PROV_SRV_LOCATION(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, static int dissect_krb5_PW_SALT(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { - guint length; + kerberos_private_data_t *private_data = kerberos_get_private_data(actx); + gint length; + guint32 nt_status = 0; + guint32 reserved = 0; + guint32 flags = 0; - /* Microsoft stores a special 12 byte blob here + /* + * Microsoft stores a special 12 byte blob here + * [MS-KILE] 2.2.1 KERB-EXT-ERROR * guint32 NT_status - * guint32 unknown - * guint32 unknown - * However RFC 4120 section 5.2.7.3 leaves it undefined. - * Therefore we only print the hex value. + * guint32 reserved (== 0) + * guint32 flags (at least 0x00000001 is set) */ length = tvb_reported_length_remaining(tvb, offset); + if (length <= 0) { + return offset; + } + if (length != 12) { + goto no_error; + } + + if (private_data->errorcode == 0) { + goto no_error; + } + + if (!private_data->try_nt_status) { + goto no_error; + } + + nt_status = tvb_get_letohl(tvb, offset); + reserved = tvb_get_letohl(tvb, offset + 4); + flags = tvb_get_letohl(tvb, offset + 8); + + if (nt_status == 0 || reserved != 0 || flags == 0) { + goto no_error; + } + + proto_tree_add_item(tree, hf_krb_ext_error_nt_status, tvb, offset, 4, + ENC_LITTLE_ENDIAN); + col_append_fstr(actx->pinfo->cinfo, COL_INFO, + " NT Status: %s", + val_to_str(nt_status, NT_errors, + "Unknown error code %#x")); + offset += 4; + + proto_tree_add_item(tree, hf_krb_ext_error_reserved, tvb, offset, 4, + ENC_LITTLE_ENDIAN); + offset += 4; + + proto_tree_add_item(tree, hf_krb_ext_error_flags, tvb, offset, 4, + ENC_LITTLE_ENDIAN); + offset += 4; + + return offset; + + no_error: proto_tree_add_item(tree, hf_krb_pw_salt, tvb, offset, length, ENC_NA); offset += length; @@ -2309,7 +2359,7 @@ static const value_string kerberos_ENCTYPE_vals[] = { static int dissect_kerberos_ENCTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 255 "./asn1/kerberos/kerberos.cnf" +#line 259 "./asn1/kerberos/kerberos.cnf" kerberos_private_data_t *private_data = kerberos_get_private_data(actx); offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, &(private_data->etype)); @@ -2334,7 +2384,7 @@ dissect_kerberos_UInt32(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset static int dissect_kerberos_T_encryptedTicketData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 259 "./asn1/kerberos/kerberos.cnf" +#line 263 "./asn1/kerberos/kerberos.cnf" #ifdef HAVE_KERBEROS offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_ticket_data); #else @@ -2462,7 +2512,7 @@ static const value_string kerberos_CKSUMTYPE_vals[] = { static int dissect_kerberos_CKSUMTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 316 "./asn1/kerberos/kerberos.cnf" +#line 320 "./asn1/kerberos/kerberos.cnf" kerberos_private_data_t *private_data = kerberos_get_private_data(actx); offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, &(private_data->checksum_type)); @@ -2477,7 +2527,7 @@ dissect_kerberos_CKSUMTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int off static int dissect_kerberos_T_checksum(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 320 "./asn1/kerberos/kerberos.cnf" +#line 324 "./asn1/kerberos/kerberos.cnf" tvbuff_t *next_tvb; kerberos_private_data_t *private_data = kerberos_get_private_data(actx); @@ -2544,7 +2594,7 @@ dissect_kerberos_Int32(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset static int dissect_kerberos_T_keytype(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 334 "./asn1/kerberos/kerberos.cnf" +#line 338 "./asn1/kerberos/kerberos.cnf" kerberos_private_data_t *private_data = kerberos_get_private_data(actx); offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, @@ -2560,7 +2610,7 @@ dissect_kerberos_T_keytype(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int off static int dissect_kerberos_T_keyvalue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 341 "./asn1/kerberos/kerberos.cnf" +#line 345 "./asn1/kerberos/kerberos.cnf" tvbuff_t *out_tvb; kerberos_private_data_t *private_data = kerberos_get_private_data(actx); @@ -2585,7 +2635,7 @@ static const ber_sequence_t EncryptionKey_sequence[] = { static int dissect_kerberos_EncryptionKey(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 350 "./asn1/kerberos/kerberos.cnf" +#line 354 "./asn1/kerberos/kerberos.cnf" kerberos_private_data_t *private_data = kerberos_get_private_data(actx); offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, @@ -2607,7 +2657,7 @@ dissect_kerberos_EncryptionKey(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int static int dissect_kerberos_T_ad_type(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 361 "./asn1/kerberos/kerberos.cnf" +#line 365 "./asn1/kerberos/kerberos.cnf" kerberos_private_data_t *private_data = kerberos_get_private_data(actx); offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, &(private_data->ad_type)); @@ -2620,7 +2670,7 @@ dissect_kerberos_T_ad_type(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int off static int dissect_kerberos_T_ad_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 368 "./asn1/kerberos/kerberos.cnf" +#line 372 "./asn1/kerberos/kerberos.cnf" kerberos_private_data_t *private_data = kerberos_get_private_data(actx); switch(private_data->ad_type){ @@ -2771,7 +2821,7 @@ static const value_string kerberos_ADDR_TYPE_vals[] = { static int dissect_kerberos_ADDR_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 385 "./asn1/kerberos/kerberos.cnf" +#line 389 "./asn1/kerberos/kerberos.cnf" kerberos_private_data_t *private_data = kerberos_get_private_data(actx); offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, &(private_data->addr_type)); @@ -2786,7 +2836,7 @@ dissect_kerberos_ADDR_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int off static int dissect_kerberos_T_address(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 204 "./asn1/kerberos/kerberos.cnf" +#line 208 "./asn1/kerberos/kerberos.cnf" gint8 appclass; gboolean pc; gint32 tag; @@ -3010,14 +3060,14 @@ static const value_string kerberos_PADATA_TYPE_vals[] = { static int dissect_kerberos_PADATA_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 126 "./asn1/kerberos/kerberos.cnf" +#line 130 "./asn1/kerberos/kerberos.cnf" kerberos_private_data_t* private_data = kerberos_get_private_data(actx); offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, &(private_data->padata_type)); -#line 129 "./asn1/kerberos/kerberos.cnf" +#line 133 "./asn1/kerberos/kerberos.cnf" if(tree){ proto_item_append_text(tree, " %s", val_to_str(private_data->padata_type, krb5_preauthentication_types, @@ -3032,7 +3082,7 @@ dissect_kerberos_PADATA_TYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int o static int dissect_kerberos_T_padata_value(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 136 "./asn1/kerberos/kerberos.cnf" +#line 140 "./asn1/kerberos/kerberos.cnf" proto_tree *sub_tree=tree; kerberos_private_data_t* private_data = kerberos_get_private_data(actx); @@ -3196,7 +3246,7 @@ dissect_kerberos_SEQUENCE_OF_ENCTYPE(gboolean implicit_tag _U_, tvbuff_t *tvb _U static int dissect_kerberos_T_encryptedAuthorizationData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 267 "./asn1/kerberos/kerberos.cnf" +#line 271 "./asn1/kerberos/kerberos.cnf" #ifdef HAVE_KERBEROS offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_authenticator_data); #else @@ -3259,7 +3309,7 @@ static const ber_sequence_t KDC_REQ_BODY_sequence[] = { static int dissect_kerberos_KDC_REQ_BODY(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 389 "./asn1/kerberos/kerberos.cnf" +#line 393 "./asn1/kerberos/kerberos.cnf" conversation_t *conversation; /* @@ -3310,7 +3360,7 @@ dissect_kerberos_KDC_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offse static int dissect_kerberos_AS_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 433 "./asn1/kerberos/kerberos.cnf" +#line 437 "./asn1/kerberos/kerberos.cnf" kerberos_private_data_t* private_data = kerberos_get_private_data(actx); private_data->msg_type = KRB5_MSG_AS_REQ; @@ -3325,7 +3375,7 @@ dissect_kerberos_AS_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset static int dissect_kerberos_T_encryptedKDCREPData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 275 "./asn1/kerberos/kerberos.cnf" +#line 279 "./asn1/kerberos/kerberos.cnf" #ifdef HAVE_KERBEROS offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_KDC_REP_data); #else @@ -3380,7 +3430,7 @@ dissect_kerberos_KDC_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offse static int dissect_kerberos_AS_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 437 "./asn1/kerberos/kerberos.cnf" +#line 441 "./asn1/kerberos/kerberos.cnf" kerberos_private_data_t* private_data = kerberos_get_private_data(actx); private_data->msg_type = KRB5_MSG_AS_REP; @@ -3395,7 +3445,7 @@ dissect_kerberos_AS_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset static int dissect_kerberos_TGS_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 445 "./asn1/kerberos/kerberos.cnf" +#line 449 "./asn1/kerberos/kerberos.cnf" kerberos_private_data_t* private_data = kerberos_get_private_data(actx); private_data->msg_type = KRB5_MSG_TGS_REQ; @@ -3410,7 +3460,7 @@ dissect_kerberos_TGS_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offse static int dissect_kerberos_TGS_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 449 "./asn1/kerberos/kerberos.cnf" +#line 453 "./asn1/kerberos/kerberos.cnf" kerberos_private_data_t* private_data = kerberos_get_private_data(actx); private_data->msg_type = KRB5_MSG_TGS_REP; @@ -3469,7 +3519,7 @@ dissect_kerberos_AP_REQ(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset static int dissect_kerberos_T_encryptedAPREPData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 291 "./asn1/kerberos/kerberos.cnf" +#line 295 "./asn1/kerberos/kerberos.cnf" #ifdef HAVE_KERBEROS offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_AP_REP_data); #else @@ -3530,7 +3580,7 @@ dissect_kerberos_AP_REP(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset static int dissect_kerberos_T_kRB_SAFE_BODY_user_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 412 "./asn1/kerberos/kerberos.cnf" +#line 416 "./asn1/kerberos/kerberos.cnf" tvbuff_t *new_tvb; offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb); if (new_tvb) { @@ -3592,7 +3642,7 @@ dissect_kerberos_KRB_SAFE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offs static int dissect_kerberos_T_encryptedKrbPrivData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 299 "./asn1/kerberos/kerberos.cnf" +#line 303 "./asn1/kerberos/kerberos.cnf" #ifdef HAVE_KERBEROS offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PRIV_data); #else @@ -3653,7 +3703,7 @@ dissect_kerberos_KRB_PRIV(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offs static int dissect_kerberos_T_encryptedKrbCredData_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 307 "./asn1/kerberos/kerberos.cnf" +#line 311 "./asn1/kerberos/kerberos.cnf" #ifdef HAVE_KERBEROS offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_CRED_data); #else @@ -3779,14 +3829,14 @@ dissect_kerberos_METHOD_DATA(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int o static int dissect_kerberos_T_encrypted_pa_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 426 "./asn1/kerberos/kerberos.cnf" +#line 430 "./asn1/kerberos/kerberos.cnf" kerberos_private_data_t* private_data = kerberos_get_private_data(actx); private_data->is_enc_padata = TRUE; offset = dissect_kerberos_METHOD_DATA(implicit_tag, tvb, offset, actx, tree, hf_index); -#line 430 "./asn1/kerberos/kerberos.cnf" +#line 434 "./asn1/kerberos/kerberos.cnf" private_data->is_enc_padata = FALSE; @@ -3870,7 +3920,7 @@ dissect_kerberos_EncAPRepPart(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int static int dissect_kerberos_T_encKrbPrivPart_user_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 419 "./asn1/kerberos/kerberos.cnf" +#line 423 "./asn1/kerberos/kerberos.cnf" tvbuff_t *new_tvb; offset=dissect_ber_octet_string(FALSE, actx, tree, tvb, offset, hf_index, &new_tvb); if (new_tvb) { @@ -4083,17 +4133,18 @@ static const value_string kerberos_ERROR_CODE_vals[] = { static int dissect_kerberos_ERROR_CODE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { #line 91 "./asn1/kerberos/kerberos.cnf" + kerberos_private_data_t *private_data = kerberos_get_private_data(actx); offset = dissect_ber_integer(implicit_tag, actx, tree, tvb, offset, hf_index, - &krb5_errorcode); + &private_data->errorcode); -#line 94 "./asn1/kerberos/kerberos.cnf" - if(krb5_errorcode) { +#line 95 "./asn1/kerberos/kerberos.cnf" + if (private_data->errorcode) { col_add_fstr(actx->pinfo->cinfo, COL_INFO, "KRB Error: %s", - val_to_str(krb5_errorcode, krb5_error_codes, + val_to_str(private_data->errorcode, krb5_error_codes, "Unknown error code %#x")); } @@ -4106,8 +4157,10 @@ dissect_kerberos_ERROR_CODE(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int of static int dissect_kerberos_T_e_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 104 "./asn1/kerberos/kerberos.cnf" - switch(krb5_errorcode){ +#line 105 "./asn1/kerberos/kerberos.cnf" + kerberos_private_data_t *private_data = kerberos_get_private_data(actx); + + switch (private_data->errorcode) { case KRB5_ET_KRB5KDC_ERR_BADOPTION: case KRB5_ET_KRB5KDC_ERR_CLIENT_REVOKED: case KRB5_ET_KRB5KDC_ERR_KEY_EXP: @@ -4115,6 +4168,7 @@ dissect_kerberos_T_e_data(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offs /* ms windows kdc sends e-data of this type containing a "salt" * that contains the nt_status code for these error codes. */ + private_data->try_nt_status = TRUE; offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_kerberos_e_data, dissect_kerberos_PA_DATA); break; case KRB5_ET_KRB5KDC_ERR_PREAUTH_REQUIRED: @@ -4164,7 +4218,7 @@ dissect_kerberos_KRB_ERROR_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int o static int dissect_kerberos_KRB_ERROR(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 441 "./asn1/kerberos/kerberos.cnf" +#line 445 "./asn1/kerberos/kerberos.cnf" kerberos_private_data_t* private_data = kerberos_get_private_data(actx); private_data->msg_type = KRB5_MSG_ERROR; @@ -4227,7 +4281,7 @@ dissect_kerberos_EncryptedData(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int static int dissect_kerberos_T_pA_ENC_TIMESTAMP_cipher(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 283 "./asn1/kerberos/kerberos.cnf" +#line 287 "./asn1/kerberos/kerberos.cnf" #ifdef HAVE_KERBEROS offset=dissect_ber_octet_string_wcb(FALSE, actx, tree, tvb, offset, hf_index, dissect_krb5_decrypt_PA_ENC_TIMESTAMP); #else @@ -4356,7 +4410,7 @@ dissect_kerberos_PA_S4U2Self(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int o static int dissect_kerberos_T_subject_certificate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 382 "./asn1/kerberos/kerberos.cnf" +#line 386 "./asn1/kerberos/kerberos.cnf" offset=dissect_ber_octet_string_wcb(implicit_tag, actx, tree, tvb, offset,hf_index, dissect_x509af_Certificate); @@ -4594,7 +4648,7 @@ dissect_kerberos_EncryptedChallenge(gboolean implicit_tag _U_, tvbuff_t *tvb _U_ /*--- End of included file: packet-kerberos-fn.c ---*/ -#line 1859 "./asn1/kerberos/packet-kerberos-template.c" +#line 1909 "./asn1/kerberos/packet-kerberos-template.c" /* Make wrappers around exported functions for now */ int @@ -4845,6 +4899,15 @@ void proto_register_kerberos(void) { { &hf_krb_pw_salt, { "pw-salt", "kerberos.pw_salt", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL }}, + { &hf_krb_ext_error_nt_status, /* we keep kerberos.smb.nt_status for compat reasons */ + { "NT Status", "kerberos.smb.nt_status", FT_UINT32, BASE_HEX, + VALS(NT_errors), 0, "NT Status code", HFILL }}, + { &hf_krb_ext_error_reserved, + { "Reserved", "kerberos.ext_error.reserved", FT_UINT32, BASE_HEX, + NULL, 0, NULL, HFILL }}, + { &hf_krb_ext_error_flags, + { "Flags", "kerberos.ext_error.flags", FT_UINT32, BASE_HEX, + NULL, 0, NULL, HFILL }}, { &hf_krb_address_ip, { "IP Address", "kerberos.addr_ip", FT_IPv4, BASE_NONE, NULL, 0, NULL, HFILL }}, @@ -5793,7 +5856,7 @@ void proto_register_kerberos(void) { NULL, HFILL }}, /*--- End of included file: packet-kerberos-hfarr.c ---*/ -#line 2237 "./asn1/kerberos/packet-kerberos-template.c" +#line 2296 "./asn1/kerberos/packet-kerberos-template.c" }; /* List of subtrees */ @@ -5883,7 +5946,7 @@ void proto_register_kerberos(void) { &ett_kerberos_KrbFastArmoredRep, /*--- End of included file: packet-kerberos-ettarr.c ---*/ -#line 2253 "./asn1/kerberos/packet-kerberos-template.c" +#line 2312 "./asn1/kerberos/packet-kerberos-template.c" }; static ei_register_info ei[] = { -- cgit v1.2.3