Wireshark · Ethereal-dev: [Ethereal-dev] [Kerberos] MS-specific name types

Ethereal-dev: [Ethereal-dev] [Kerberos] MS-specific name types

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Jean-Baptiste Marchand <Jean-Baptiste.Marchand@xxxxxx>

Date: Sat, 17 Jul 2004 00:27:32 +0200

Hello,

the attached patch adds dissection for MS-specific Kerberos name types,
as documented in 

http://msdn.microsoft.com/library/en-us/security/security/kerb_external_name.asp

Because these additional name types are MS-specific, integers
identifying these name types start at -128. Thus, the type of the
hf_krb_name_type field is changed from FT_UINT32 to FT_INT32.

The KRB5_NT_MS_PRINCIPAL name type (-128) is found in tickets requested
to authenticate to the FRSRPC RPC service.

Jean-Baptiste Marchand
-- 
Jean-Baptiste.Marchand@xxxxxx
HSC - http://www.hsc.fr/

Index: packet-kerberos.c
===================================================================
RCS file: /cvsroot/ethereal/packet-kerberos.c,v
retrieving revision 1.71
diff -u -r1.71 packet-kerberos.c
--- packet-kerberos.c	15 Jun 2004 09:50:57 -0000	1.71
+++ packet-kerberos.c	16 Jul 2004 22:19:36 -0000
@@ -575,6 +575,13 @@
 #define KRB5_NT_SMTP_NAME      7
 #define KRB5_NT_ENTERPRISE    10
 
+/* MS specific name types */
+#define KRB5_NT_MS_PRINCIPAL		-128	
+#define KRB5_NT_MS_PRINCIPAL_AND_SID	-129
+#define KRB5_NT_ENT_PRINCIPAL_AND_SID	-130
+#define KRB5_NT_PRINCIPAL_AND_SID 	-131
+#define KRB5_NT_SRV_INST_AND_SID	-132
+
 /* error table constants */
 /* I prefixed the krb5_err.et constant names with KRB5_ET_ for these */
 #define KRB5_ET_KRB5KDC_ERR_NONE                         0
@@ -747,6 +754,11 @@
     { KRB5_NT_X500_PRINCIPAL       , "Encoded X.509 Distinguished Name" },
     { KRB5_NT_SMTP_NAME            , "SMTP Name" },
     { KRB5_NT_ENTERPRISE           , "Enterprise Name" },
+    { KRB5_NT_MS_PRINCIPAL         , "NT 4.0 style name (MS specific)" },
+    { KRB5_NT_MS_PRINCIPAL_AND_SID , "NT 4.0 style name with SID (MS specific)"},
+    { KRB5_NT_ENT_PRINCIPAL_AND_SID, "UPN and SID (MS specific)"},
+    { KRB5_NT_PRINCIPAL_AND_SID    , "Principal name and SID (MS specific)"},
+    { KRB5_NT_SRV_INST_AND_SID     , "SPN and SID (MS specific)"},
     { 0                            , NULL },
 };
 
@@ -3439,7 +3451,7 @@
 	    "Type", "kerberos.pac.signature.type", FT_INT32, BASE_DEC,
 	    NULL, 0, "PAC Signature Type", HFILL }},
 	{ &hf_krb_name_type, {
-	    "Name-type", "kerberos.name_type", FT_UINT32, BASE_DEC,
+	    "Name-type", "kerberos.name_type", FT_INT32, BASE_DEC,
 	    VALS(krb5_princ_types), 0, "Type of principal name", HFILL }},
 	{ &hf_krb_lr_type, {
 	    "Lr-type", "kerberos.lr_type", FT_UINT32, BASE_DEC,

Follow-Ups:
- Re: [Ethereal-dev] [Kerberos] MS-specific name types
  - From: Guy Harris

Prev by Date: [Ethereal-dev] Another RedHat fix
Next by Date: [Ethereal-dev] Some Mandrake 64 bit fixes
Previous by thread: Re: [Ethereal-dev] Another RedHat fix
Next by thread: Re: [Ethereal-dev] [Kerberos] MS-specific name types
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$